PT-2019-12360 · Kalki Kalkitech · Kalki Kalkitech Sync3000 Substation Dcu Gpc

Published: 2019-05-22 · Updated: 2020-08-24 · CVE-2019-11536

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Kalki Kalkitech SYNC3000 Substation DCU GPC versions 2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, 3.6.1

Description

The issue allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access. This can be done through the webserver interface, typically via a browser, and requires network connectivity to the device.

Recommendations

For versions 2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, 3.6.1, consider installing WebHMI to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2019-11536

Affected Products

Kalki Kalkitech Sync3000 Substation Dcu Gpc