Main Vulnerability Database SB2024020219

SB2024020219 - Multiple vulnerabilities in Gessler GmbH WEB-MASTER

Published: February 2, 2024

Security Bulletin ID SB2024020219

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Use of Weak Credentials (CVE-ID: CVE-2024-1039)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to weak hard coded credentials. A remote attacker can gain control over the web management of the device.

2) Reversible One-Way Hash (CVE-ID: CVE-2024-1040)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to user account is stored using a weak hashing algorithm. A local administrator can restore the passwords by breaking the hashes stored on the device.

Remediation

Install update from vendor's website.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01