PT-2023-29497 · Google · Android Client

Diego Giubertoni · Published 2023-10-25 · Updated 2023-11-06 · CVE-2023-45321

CVSS v3.1: 8.3 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: Android Client application (affected versions not specified)
Description: The application uses HTTP instead of HTTPS to retrieve sensitive information, including the IP addresses and credentials for a remote MQTT broker. Because this traffic is unencrypted, an attacker on the same subnet as the HMI device can intercept the usernames and passwords needed to authenticate to the MQTT server. This server is responsible for implementing the remote management protocol.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Cleartext Transmission of Sensitive Information

Related Identifiers: CVE-2023-45321

Affected Products: Android Client