PT-2024-2277 · Softing · Softing Edgeconnector 840D +5

Cursered +3 · Published 2024-03-14 · Updated 2024-03-29 · CVE-2024-0860

CVSS v2.0: 8.3 (High)

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Softing edgeAggregator and Softing edgeConnector modules (affected versions not specified)
Softing edgeConnector Modbus (affected versions not specified)
Softing edgeConnector 840D (affected versions not specified)
Softing edgeConnector Fanuc CNC (affected versions not specified)
Softing edgeConnector Siemens (affected versions not specified)

Description

The issue is related to the transmission of credentials in cleartext, which may allow a remote attacker to capture packets and craft their own requests, potentially leading to unauthorized access to protected information. This could enable an attacker to bypass authentication.

Recommendations

For Softing edgeAggregator, consider disabling the transmission of credentials in cleartext until a patch is available. For Softing edgeConnector modules, restrict access to sensitive information to minimize the risk of exploitation. For Softing edgeConnector Modbus, Softing edgeConnector 840D, Softing edgeConnector Fanuc CNC, and Softing edgeConnector Siemens, avoid using cleartext transmission of credentials in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2024-02210
CVE-2024-0860
ZDI-24-353

Affected Products

Softing Edgeaggregator
Softing Edgeconnector
Softing Edgeconnector 840D
Softing Edgeconnector Fanuc Cnc
Softing Edgeconnector Modbus
Softing Edgeconnector Siemens