PT-2022-13594 · Automated Logic · Webctrl Server
Chizuru Toyama · Published 2022-04-19 · Updated 2022-04-27 · CVE-2022-1019
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Automated Logic's WebCtrl Server version 6.1
Description
The issue allows an attacker to send a maliciously crafted URL, which could result in redirecting the user to a malicious webpage or downloading a malicious file. This is due to open redirection in the 'Help' index pages.
Recommendations
For version 6.1, consider restricting access to the 'Help' index pages until a patch is available. As a temporary workaround, avoid using the 'Help' feature in the WebCtrl Server to minimize the risk of exploitation.
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Webctrl Server