PT-2018-4996 · Phoenix Contact · Phoenix Contact Ilc Plcs

Deneut Tijl

Publicado

2018-04-05

Atualizado

2018-10-13

CVE-2016-8366

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Phoenix Contact ILC PLCs (affected versions not specified)

Description The issue concerns the storage and transfer of passwords in clear text due to the configuration of the password macro in Webvisit. This macro is intended to protect HMI pages on the PLC against unauthorized access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-255CWE-312

Identificadores relacionados

CVE-2016-8366

Produtos afetados

Phoenix Contact Ilc Plcs

PT-2018-4996 · Phoenix Contact · Phoenix Contact Ilc Plcs

CVE-2016-8366

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4