PT-2021-15571 · Rexroth+1 · Indramotion Mlc L20+13
Eran Jacob
+2
·
Published
2021-10-04
·
Updated
2022-08-30
·
CVE-2021-23858
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
No specific software or versions are mentioned.
Description:
The issue involves information disclosure where the main configuration, including users and their hashed passwords, is exposed through an unprotected web server resource. This exposure allows access to sensitive information without requiring authentication. Furthermore, device details such as the serial number and firmware version are also exposed due to another unprotected web server resource.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Indramotion Mlc L20
Indramotion Mlc L25
Indracontrol Xlc Firmware
Rexroth Indramotion Mlc L20 Firmware
Rexroth Indramotion Mlc L25 Firmware
Rexroth Indramotion Mlc L40 Firmware
Rexroth Indramotion Mlc L45 Firmware
Rexroth Indramotion Mlc L65 Firmware
Rexroth Indramotion Mlc L75 Firmware
Rexroth Indramotion Mlc L85 Firmware
Rexroth Indramotion Mlc Xm21 Firmware
Rexroth Indramotion Mlc Xm22 Firmware
Rexroth Indramotion Mlc Xm41 Firmware
Rexroth Indramotion Mlc Xm42 Firmware