PT-2024-4419 · Ifm · Ifm Qva200+2

Published

2024-05-27

Updated

2024-06-07

CVE-2024-5404

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions moneo appliance (affected versions not specified) IFM QHA300 (affected versions not specified) IFM QHA210 (affected versions not specified) IFM QVA200 (affected versions not specified)

Description An unauthenticated remote attacker can change the admin password in a moneo appliance due to a weak password recovery mechanism. The vulnerability is related to the "Forgot Password" function of the IIoT platform.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

BDU:2024-04918

CVE-2024-5404

Affected Products

Ifm Qha210

Ifm Qha300

Ifm Qva200

PT-2024-4419 · Ifm · Ifm Qva200+2

CVE-2024-5404

Weakness Enumeration

Related Identifiers

Affected Products

References · 15