PT-2020-15628 · Moog · Moog Exo Series

Gabriel Gonzalez +3 · Published 2020-08-21 · Updated 2021-07-21 · CVE-2020-24051

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Moog EXO Series versions EXVF5C-2 and EXVP7C2-3

Description

A security issue was found in the Moog EXO Series units that support the ONVIF interoperability protocol. The authentication check for certain ONVIF operations can be bypassed, allowing an attacker to execute privileged operations without authentication. This could enable the creation of a new Administrator user.

Recommendations

For Moog EXO Series versions EXVF5C-2 and EXVP7C2-3, as a temporary workaround, consider disabling the ONVIF protocol until a patch is available. Restrict access to privileged operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-24051

Affected Products

Moog Exo Series