PT-2022-6571 · Icl · Icl Scadaflex Ii Scada Controller Sc-2+1

Published

2022-02-26

Updated

2023-08-08

CVE-2022-25359

CVSS v3.1

9.4

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions ICL ScadaFlex II SCADA Controller SC-1 and SC-2 version 1.03.07

Description The issue is related to the lack of an authentication procedure, allowing unauthenticated remote attackers to overwrite, delete, or create files on the device. This can enable a remote attacker to gain unauthorized access to the device.

Recommendations For ICL ScadaFlex II SCADA Controller SC-1 and SC-2 version 1.03.07, consider implementing authentication procedures to restrict access to the device and prevent unauthorized file modifications. As a temporary workaround, restrict remote access to the device until a patch is available.

Exploit

Fix

Missing Authentication

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-287

Related Identifiers

BDU:2023-02458

CVE-2022-25359

Affected Products

Icl Scadaflex Ii Scada Controller Sc-1

Icl Scadaflex Ii Scada Controller Sc-2

PT-2022-6571 · Icl · Icl Scadaflex Ii Scada Controller Sc-2+1

CVE-2022-25359

Weakness Enumeration

Related Identifiers

Affected Products

References · 9