PT-2019-15012 · V Zug · V-Zug Combi-Steam Mslq

Marc Ruef

Published

2019-10-06

Updated

2020-08-24

CVE-2019-17219

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions V-Zug Combi-Steam MSLQ devices before Ethernet R07 V-Zug Combi-Steam MSLQ devices before WLAN R05

Description An issue was discovered where the device does not enforce any authentication by default. This allows an adjacent attacker to use the network interface without proper access control.

Recommendations For V-Zug Combi-Steam MSLQ devices before Ethernet R07, update to Ethernet R07 or later to resolve the issue. For V-Zug Combi-Steam MSLQ devices before WLAN R05, update to WLAN R05 or later to resolve the issue. As a temporary workaround, consider restricting access to the network interface until a patch is available.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-17219

Affected Products

V-Zug Combi-Steam Mslq

PT-2019-15012 · V Zug · V-Zug Combi-Steam Mslq

CVE-2019-17219

Weakness Enumeration

Related Identifiers

Affected Products

References · 3