PT-2018-17677 · Omron · Omron Ns
Capitan Alfalo
·
Published
2018-02-05
·
Updated
2019-10-03
·
CVE-2018-6624
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OMRON NS devices versions 1.1 through 1.3
Description
The issue allows remote attackers to bypass authentication by making a direct request to the .html file for a specific screen. For example, this can be achieved by accessing the "monitor.html" file.
Recommendations
For OMRON NS devices versions 1.1 through 1.3, consider restricting direct access to .html files for specific screens, such as "monitor.html", until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Omron Ns