PT-2019-15011 · V Zug · V-Zug Combi-Steam Mslq

Marc Ruef

Published

2019-10-06

Updated

2021-07-21

CVE-2019-17218

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions V-Zug Combi-Steam MSLQ devices versions before Ethernet R07 and before WLAN R05

Description An issue was discovered where communication to the web service is unencrypted via http by default. This allows an attacker to intercept and sniff communication to the web service.

Recommendations For V-Zug Combi-Steam MSLQ devices before Ethernet R07, update to Ethernet R07 or later to enable encrypted communication. For V-Zug Combi-Steam MSLQ devices before WLAN R05, update to WLAN R05 or later to enable encrypted communication. As a temporary workaround, consider restricting access to the web service until an update can be applied.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2019-17218

Affected Products

V-Zug Combi-Steam Mslq

PT-2019-15011 · V Zug · V-Zug Combi-Steam Mslq

CVE-2019-17218

Weakness Enumeration

Related Identifiers

Affected Products

References · 3