Name of the Vulnerable Software and Affected Versions TeNIX (affected versions not specified)

Description The issue is related to the lack of an authentication procedure in the pnp-save.sh service of the TeNIX operating system used in МФК1500 and МФК3000 programmable logic controllers. This allows a remote attacker to read data saved by other users from the /tenix/data/pnp/other.tar file by accessing the pnp-save.sh service without undergoing an authentication process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.