PT-2024-12647 · Automatic Systems · Automatic Systems Soc Fl9600
Marcin Kozlowski +2 · Published 2024-01-03 · Updated 2024-10-31 · CVE-2023-37608
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Automatic Systems SOC FL9600 FirstLane version V06 lego T04E00
Automatic Systems SOC FL9600 FastLine version v.legoT04E00
Description
An issue in Automatic Systems SOC FL9600 allows a remote attacker to obtain sensitive information because there is an Automatic Systems super admin account with a hardcoded password, specifically astech. The attacker can exploit this via the admin login credentials.
Recommendations
For version V06 lego T04E00, consider changing the hardcoded password astech for the super admin account to prevent unauthorized access.
For version v.legoT04E00, restrict access to the admin login credentials to minimize the risk of exploitation.
As a temporary workaround, consider disabling the admin login feature until a patch is available.
Exploit
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Automatic Systems Soc Fl9600