Home
HIGH: 7.4 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:NHIGH: 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
Any version
affected
9.2.3
unaffected
Default status
unaffected
Any version
affected
9.2.1
unaffected
Description
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.
Problem types
CWE-288 Authentication Bypass Using an Alternate Path or Channel
Product status
Any version
9.2.3
Any version
9.2.1
Credits
notnotnotveg (notnotnotveg@gmail.com) reported these vulnerabilities to CISA.
References
www.cisa.gov/news-events/ics-advisories/icsa-25-338-05
github.com/...p/csaf_files/OT/white/2025/icsa-25-338-05.json
