PT-2023-14612 · Wellintech · Kinghistorian

Carl Hurd

Publicado

2023-03-20

Atualizado

2023-07-07

CVE-2022-45124

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions WellinTech KingHistorian version 35.01.00.05

Description An information disclosure issue exists in the User authentication functionality. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this issue.

Recommendations For WellinTech KingHistorian version 35.01.00.05, consider restricting access to the network to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the User authentication functionality to reduce the risk of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Improper Authentication

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287CWE-200

Identificadores relacionados

CVE-2022-45124

Produtos afetados

Kinghistorian

PT-2023-14612 · Wellintech · Kinghistorian

CVE-2022-45124

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6