SB2018120313 - Information disclosure in Pilz PNOZmulti Configurator




Published: December 3, 2018

Security Bulletin ID: SB2018120313
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Information disclosure (CVE-ID: N/A)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to cleartext storage of sensitive information in C:\ProgramData\Pilz\PNOZmulti Configurator v10.8.0\AppData\pmimicroconfig\UserSettings.xml. A local attacker with access to the file system of the PC that runs the PNOZmulti Configurator software can read out sensitive data, such as configuration data of an HMI device of type PMI m107 diag.
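
A defender-side audit for the exposure described above, as an added example that is not part of the original bulletin or of any vendor material: it locates the settings file on an engineering workstation and lists which accounts are allowed to read it. Matching the version directory with a wildcard is an assumption; the bulletin names only the v10.8.0 path.

```powershell
# Added example: inventory PNOZmulti Configurator UserSettings.xml files and
# list every principal whose ACL entry allows reading the file contents.
# Assumption: other installed versions use the same directory layout as the
# v10.8.0 path given in the bulletin, so the version folder is a wildcard.
$pattern = Join-Path $env:ProgramData `
    'Pilz\PNOZmulti Configurator v*\AppData\pmimicroconfig\UserSettings.xml'

# ReadData is the right that permits opening the file and reading its bytes.
$readMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$findings = foreach ($file in Get-Item -Path $pattern -ErrorAction SilentlyContinue) {
    $acl = Get-Acl -LiteralPath $file.FullName
    foreach ($ace in $acl.Access) {
        $isAllow = $ace.AccessControlType -eq 'Allow'
        $canRead = ([int]$ace.FileSystemRights -band $readMask) -ne 0
        if ($isAllow -and $canRead) {
            [pscustomobject]@{
                File      = $file.FullName
                Owner     = $acl.Owner
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                Modified  = $file.LastWriteTime
            }
        }
    }
}

if ($findings) {
    # Broad groups (for example BUILTIN\Users) in the Principal column mean any
    # local account on this PC can read the cleartext settings.
    $findings | Sort-Object File, Principal | Format-List
} else {
    Write-Output "No UserSettings.xml matched $pattern"
}
```

Entries marked Inherited come from the parent directory's ACL, so tightening access means changing permissions at that level or breaking inheritance on the file.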


Remediation

Install the update from the vendor's website.