CVE-2020-15809

Name of the Vulnerable Software and Affected Versions SpinetiX HMP350 versions 4.5.2-1.0.36229 and earlier SpinetiX HMP300 versions 4.5.2-1.0.36229 and earlier SpinetiX DiVA versions 4.5.2-1.0.36229 and earlier SpinetiX HMP400 versions 4.5.2-1.0.2-1eb2ffbd and earlier SpinetiX HMP400W versions 4.5.2-1.0.2-1eb2ffbd and earlier SpinetiX DSOS versions 4.5.2-1.0.2-1eb2ffbd and earlier

Description The issue affects certain SpinetiX devices, allowing requests to access unintended resources due to Server-Side Request Forgery (SSRF) and Path Traversal. This enables unauthorized access to sensitive data.

Recommendations For SpinetiX HMP350 versions 4.5.2-1.0.36229 and earlier, update to a version later than 4.5.2-1.0.36229. For SpinetiX HMP300 versions 4.5.2-1.0.36229 and earlier, update to a version later than 4.5.2-1.0.36229. For SpinetiX DiVA versions 4.5.2-1.0.36229 and earlier, update to a version later than 4.5.2-1.0.36229. For SpinetiX HMP400 versions 4.5.2-1.0.2-1eb2ffbd and earlier, update to a version later than 4.5.2-1.0.2-1eb2ffbd. For SpinetiX HMP400W versions 4.5.2-1.0.2-1eb2ffbd and earlier, update to a version later than 4.5.2-1.0.2-1eb2ffbd. For SpinetiX DSOS versions 4.5.2-1.0.2-1eb2ffbd and earlier, update to a version later than 4.5.2-1.0.2-1eb2ffbd.