CVE-2017-20007

Опубликовано: 25 окт. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device´s web service could exploit this vulnerability in order to obtain different configuration files.

Ссылки

https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au
Third Party Advisory
https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ingeteam:ingepac_da_au_firmware:*:*:*:*:*:*:*:*

Версия до auc_1.13.0.28 (включая)

cpe:2.3:h:ingeteam:ingepac_da_au:-:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00531

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-4hm5-q7h9-438p

github

больше 3 лет назад