PT-2017-17161 · Franklin Fueling Systems · Franklin Fueling Systems Ts-550 Evo
Stick-U235 · Published 2017-05-01 · Updated 2024-02-14 · CVE-2017-6564
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Franklin Fueling Systems TS-550 evo version 2.3.0.7332
Description
The issue allows an attacker with the lowest privileges, as the Guest user, to download sensitive system files from the host machine. This is achieved by posting to the idSourceFileName parameter within the "/download" directory. The accessible files can include databases containing information useful for further attacks.
Recommendations
For Franklin Fueling Systems TS-550 evo version 2.3.0.7332, consider restricting access to the /download directory to prevent unauthorized file downloads. Additionally, limit the ability of the Guest user to post to the idSourceFileName parameter to minimize the risk of exploitation.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Franklin Fueling Systems Ts-550 Evo
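The server-side check that the Recommendations call for, sketched as an added example; it is not code from the vendor or from this advisory. The role names, the export directory and the sample file names are assumptions made for illustration. Only the idSourceFileName parameter and the Guest role come from the description above.

```python
from pathlib import Path

# Assumptions for illustration only: the role names and the export directory
# are constructed, not taken from the TS-550 evo firmware.
EXPORT_ROOT = Path("/srv/console/exports")
DOWNLOAD_ROLES = {"Administrator", "Technician"}  # Guest is deliberately absent


def authorize_download(role: str, id_source_file_name: str) -> tuple[bool, str]:
    """Decide whether a POST to /download may return the requested file.

    Returns (allowed, detail): detail is the resolved path when allowed,
    otherwise the reason for the denial (suitable for an audit log).
    """
    # 1. Authorization, deny by default: only explicitly listed roles may
    #    use the download function at all.
    if role not in DOWNLOAD_ROLES:
        return False, "role not permitted to download"

    # 2. Basic input sanity on the client-supplied file name.
    if not id_source_file_name or "\x00" in id_source_file_name:
        return False, "invalid file name"

    # 3. Containment: resolve the name against the export directory and
    #    refuse anything that ends up outside it (absolute paths, "..").
    root = EXPORT_ROOT.resolve()
    candidate = (root / id_source_file_name).resolve()
    if not candidate.is_relative_to(root):
        return False, "path outside export directory"

    return True, str(candidate)


if __name__ == "__main__":
    # Constructed sample requests: (session role, idSourceFileName value).
    samples = [
        ("Guest", "reports/inventory.csv"),
        ("Administrator", "reports/inventory.csv"),
        ("Administrator", "../../etc/passwd"),
    ]
    for role, name in samples:
        print(role, name, authorize_download(role, name))
```

The role check runs before any path handling, so a Guest session is refused regardless of which file it names.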