PT-2019-15011 · V Zug · V-Zug Combi-Steam Mslq

Marc Ruef

Publicado

2019-10-06

Atualizado

2021-07-21

CVE-2019-17218

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions V-Zug Combi-Steam MSLQ devices versions before Ethernet R07 and before WLAN R05

Description An issue was discovered where communication to the web service is unencrypted via http by default. This allows an attacker to intercept and sniff communication to the web service.

Recommendations For V-Zug Combi-Steam MSLQ devices before Ethernet R07, update to Ethernet R07 or later to enable encrypted communication. For V-Zug Combi-Steam MSLQ devices before WLAN R05, update to WLAN R05 or later to enable encrypted communication. As a temporary workaround, consider restricting access to the web service until an update can be applied.

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319

Identificadores relacionados

CVE-2019-17218

Produtos afetados

V-Zug Combi-Steam Mslq

PT-2019-15011 · V Zug · V-Zug Combi-Steam Mslq

CVE-2019-17218

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3