PT-2024-34167 · Advantech · Advantech EKI-6333AC-1GPO +1
Diego Zaffaroni · Published 2024-11-26 · Updated 2024-11-26
CVE-2024-50377
CVSS v3.1: 6.5 (Medium)
Vector: AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Advantech EKI-6333AC-2G versions 1.6.3 and earlier
Advantech EKI-6333AC-2GD versions 1.6.3 and earlier
Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier
Description:
A hard-coded credentials issue affects the backup configuration functionality, which by default encrypts archives using a static password.
Recommendations:
For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, update to a version later than 1.6.3 to resolve the issue.
For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, update to a version later than 1.6.3 to resolve the issue.
For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, update to a version later than 1.2.1 to resolve the issue.
As a temporary workaround, consider disabling the backup configuration functionality until a patch is available.
Fix
OS Command Injection
Using Hardcoded Credentials
Affected Products
Advantech EKI-6333AC-1GPO
Advantech EKI-6333AC-2G