CVE-2024-25830

Name of the Vulnerable Software and Affected Versions F-logic DataCube3 version 1.0

Description The issue is related to insufficient access control in the F-logic DataCube3 terminal measurement system software for power generation systems. This can be exploited by an unauthenticated, remote attacker to obtain the root and admin account passwords. The exploitation involves sending a URI with the path of the configuration file, taking advantage of improper directory access restrictions.

Recommendations For F-logic DataCube3 version 1.0, consider restricting access to the configuration file and implementing proper directory access controls to prevent unauthorized access until a patch is available. As a temporary workaround, limit remote access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.