exploitDog

CVE-2017-13995

Опубликовано: 05 окт. 2017

Источник: nvd

CVSS3: 10

CVSS2: 7.5

EPSS Низкий

Описание

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables.

Ссылки

http://www.securityfocus.com/bid/100951
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-04
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/100951
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-264-04
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spidercontrol:ininet_webserver:*:*:*:*:*:*:*:*

Версия до 2.02.0000 (включая)

EPSS

Процентиль: 81%

0.01603

Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

CWE-287

Связанные уязвимости

GHSA-mvv4-fjq9-c9h3

CVSS3: 10

github

больше 3 лет назад

An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables.

EPSS

Процентиль: 81%

0.01603

Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

CWE-287