Home

Description

The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.

PUBLISHED Reserved 2024-11-13 | Published 2024-11-22 | Updated 2024-11-26 | Assigner icscert




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

Any version before 1.3
affected

Default status
unaffected

Any version before 9.2.1
affected

Credits

Michael Heinzl reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-24-326-07

cve.org (CVE-2024-47138)

nvd.nist.gov (CVE-2024-47138)

Download JSON