PT-2021-17981 · BAB TECHNOLOGIE GmbH · eibPort V3
Author: Psytester · Published 2021-09-09 · Updated 2021-09-20
CVE-2021-28911
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
BAB TECHNOLOGIE GmbH eibPort V3, versions prior to 3.9.1
Description:
The issue allows unauthenticated attackers to access the /tmp path, which exposes sensitive data such as the device serial number. Because a candidate loginId can be derived from that serial number, the information enables a brute-force attack against the BMX interface, and this can form part of an attack chain that ends in SSH root access.
Recommendations:
For versions prior to 3.9.1, update to version 3.9.1 or later to resolve the issue. As a temporary workaround, restrict network access to the /tmp path and to the BMX interface (for example, to trusted management hosts only) to reduce the risk of exploitation.
Status: Fix
Weakness types: Improper Restriction of Excessive Authentication Attempts (CWE-307); Incorrect Authorization (CWE-863)
Affected Products: eibPort V3