CVE-2017-20007

Name of the Vulnerable Software and Affected Versions Ingeteam INGEPAC DA AU AUC versions 1.13.0.28 and earlier

Description The web application of the affected software allows access to a certain path containing sensitive information, which could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device's web service could exploit this issue to obtain different configuration files.

Recommendations For versions 1.13.0.28 and earlier, restrict access to the web service to minimize the risk of exploitation. As a temporary workaround, consider limiting access to sensitive configuration files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.