Описание
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 11.36 (исключая)Версия до 11.44 (исключая)
Одновременно
Одно из
cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:advanced_web_module:*:*:*
cpe:2.3:o:siemens:climatix_pol909_firmware:*:*:*:*:advanced_web_and_bacnet_module:*:*:*
cpe:2.3:h:siemens:climatix_pol909:-:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00215
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-284
CWE-532
Связанные уязвимости
CVSS3: 6.5
github
почти 4 года назад
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.
EPSS
Процентиль: 44%
0.00215
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-284
CWE-532