Home
CRITICAL: 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NDefault status
unaffected
Any version
affected
Any version
affected
Any version
affected
Any version
affected
Any version
affected
Any version
affected
Any version
affected
Any version
affected
Any version
affected
Any version
affected
AAX1055CU
unaffected
ABU1001_Q
unaffected
ACL1201_C
unaffected
ACL1200AM
unaffected
ABH1027_L
unaffected
ABH1007AA
unaffected
ABS1009_P
unaffected
ABS1005_U
unaffected
ACB1005_C
unaffected
AAX1031CO
unaffected
Description
Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attacker to carry out a privilege escalation.
Problem types
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
Product status
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Any version
Any version
AAX1055CU
ABU1001_Q
ACL1201_C
ACL1200AM
ABH1027_L
ABH1007AA
ABS1009_P
ABS1005_U
ACB1005_C
AAX1031CO
Credits
Rubén Santamarta
References
www.incibe.es/...on-sat-access-credentials-ingecon-ems-board
www.reversemode.com/...tical-analysis-of-cyber-physical.html