Marc Gessler

Researcher fromSySS GmbH
#12758of 53,632
21.1Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2023-24260
6.1
2023-06-30
Gira Giersiepen · Gira Knx/Ip-Router · CVE-2023-33276
**Name of the Vulnerable Software and Affected Versions** Gira Giersiepen Gira KNX/IP-Router versions 3.1.3683.0 through 3.3.8.0 **Description** The web interface of the affected software responds with a "404 - Not Found" status code when accessing a non-existent path, and the value of the path is reflected in the response. The application is vulnerable to reflective cross-site scripting (XSS) because it reflects the supplied path without context-sensitive HTML encoding. **Recommendations** For versions 3.1.3683.0 through 3.3.8.0, consider disabling access to the web interface until a patch is available to prevent reflective cross-site scripting (XSS) attacks. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the web interface to access non-existent paths until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-24261
7.5
2023-06-29
Gira Giersiepen · Gira Knx/Ip-Router · CVE-2023-33277
**Name of the Vulnerable Software and Affected Versions** Gira Giersiepen Gira KNX/IP-Router versions 3.1.3683.0 through 3.3.8.0 **Description** The web interface of the affected device allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. This issue enables unauthorized access to sensitive information. **Recommendations** For versions 3.1.3683.0 through 3.3.8.0, consider restricting access to the web interface until a patch is available. As a temporary workaround, avoid using directory-traversal sequences in URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-24013
7.5
2023-05-17
Symcon · Ip-Symcon · CVE-2023-32767
**Name of the Vulnerable Software and Affected Versions** Symcon IP-Symcon versions prior to 6.3 **Description** The web interface of Symcon IP-Symcon allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL. This issue enables unauthorized access to sensitive information. **Recommendations** For versions prior to 6.3, update to version 6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface until the update is applied.