exploitDog

CVE-2025-11696

Опубликовано: 11 нояб. 2025

Источник: nvd

EPSS Низкий

Описание

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.

Ссылки

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1760.html

EPSS

Процентиль: 8%

0.00029

Низкий

Дефекты

CWE-22

Связанные уязвимости

GHSA-mhmp-wxqj-ph8c

github

3 месяца назад

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.

EPSS

Процентиль: 8%

0.00029

Низкий

Дефекты

CWE-22