Описание
Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.
Ссылки
- Vendor Advisory
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.7 (включая)
cpe:2.3:a:beckhoff:ipc_diagnostics:*:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01214
Низкий
9 Critical
CVSS2
Дефекты
CWE-284
Связанные уязвимости
github
больше 3 лет назад
Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.
EPSS
Процентиль: 79%
0.01214
Низкий
9 Critical
CVSS2
Дефекты
CWE-284