PT-2024-4598 · Powersys · Powersys

Turek Witold · Published 2024-06-11 · Updated 2024-08-17 · CVE-2024-36266

CVSS v3.1: 9.3 (Critical)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PowerSys versions prior to V3.11
Description: The affected application insufficiently protects the responses it returns to authentication requests. A local attacker could exploit this to bypass authentication and gain administrative privileges over the managed remote devices. The root cause is a deficiency in the authentication procedure that allows security restrictions to be bypassed and privileges to be elevated.
Recommendations: For PowerSys versions prior to V3.11, update to version V3.11 or later. As a temporary workaround, restrict access to authentication requests to reduce the risk of exploitation, and avoid using the vulnerable authentication mechanism until the update is applied.

Fix: update to PowerSys V3.11 or later

Weakness Enumeration: Improper Authentication

Related Identifiers

BDU:2024-05106
CVE-2024-36266

Affected Products

Powersys