PT-2018-9477 · Battelle · Battelle V2I Hub

Published: 2018-12-28 · Updated: 2019-10-03 · CVE-2018-1000624

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Battelle V2I Hub version 2.5.1

Description: The issue is caused by the failure to restrict access to a sensitive functionality, allowing a remote attacker to shut down the system. This can be exploited by visiting the "http://V2I HUB/UI/powerdown.php" API endpoint.

Recommendations: For Battelle V2I Hub version 2.5.1, restrict access to the powerdown.php functionality to prevent unauthorized shutdowns of the system. Consider implementing proper access controls to sensitive functionalities to mitigate the risk of exploitation.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2018-1000624

Affected Products

Battelle V2I Hub