Описание
Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data.
Ссылки
- PatchThird Party AdvisoryUS Government Resource
- Vendor Advisory
- PatchThird Party AdvisoryUS Government Resource
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.4.20 (исключая)Версия до 5.4.0 (исключая)
Одно из
cpe:2.3:a:prosysopc:ua_modbus_server:*:*:*:*:*:*:*:*
cpe:2.3:a:prosysopc:ua_simulation_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00137
Низкий
6.5 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 7.5
github
около 3 лет назад
Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data.
EPSS
Процентиль: 34%
0.00137
Низкий
6.5 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-522