PT-2019-14439 · Socomec · Socomec Diris A-40

Jens Timmerman

Publicado

2019-10-09

Atualizado

2020-08-24

CVE-2019-15859

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Socomec DIRIS A-40 devices version prior to 48250501

Description The issue allows a remote attacker to gain full access to a device through the web interface. This is achieved by accessing the "/password.jsn" URI, which discloses passwords.

Recommendations For Socomec DIRIS A-40 devices version prior to 48250501, update to version 48250501 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/password.jsn" URI to minimize the risk of exploitation.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2019-15859

Produtos afetados

Socomec Diris A-40

PT-2019-14439 · Socomec · Socomec Diris A-40

CVE-2019-15859

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5