Description
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
One of
EPSS
6.9 Medium
CVSS3
8.8 High
CVSS3
Weaknesses
Related vulnerabilities
A vulnerability in the Single Sign-On (SSO) implementation of Asset Suite EAM (Enterprise Asset Management), an enterprise asset management tool for the energy sector, that allows an attacker to bypass security restrictions and gain access to read, modify, or delete data