PT-2017-17162 · Franklin Fueling Systems · Franklin Fueling Systems Ts-550 Evo
Stick-U235
Published: 2017-05-01 · Updated: 2024-02-14 · CVE-2017-6565
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Franklin Fueling Systems TS-550 evo version 2.3.0.7332
Description
The issue allows an attacker to upload malicious files to the server hosting the web service due to the lack of sanitization checks. This can be achieved by exploiting a specific weakness to obtain the roleDiag user credentials.
Recommendations
For Franklin Fueling Systems TS-550 evo version 2.3.0.7332, consider restricting file upload capabilities for the roleDiag user until a proper fix is implemented to sanitize uploaded files and prevent malicious payloads.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Franklin Fueling Systems Ts-550 Evo