Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2024-1039, CVE-2024-1040 |
CWE-ID | CWE-1391, CWE-328 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | WEB-MASTER (Other software / Other software solutions) |
Vendor | Gessler GmbH |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU86026
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1039
CWE-ID: CWE-1391 - Use of Weak Credentials
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to weak hard-coded credentials. A remote attacker can gain control over the web management of the device.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: WEB-MASTER: 7.9
External links: http://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86030
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1040
CWE-ID: CWE-328 - Use of Weak Hash
Exploit availability: No
Description: The vulnerability allows a local user to compromise the target system.
The vulnerability exists because user account data is stored using a weak hashing algorithm. A local administrator can recover the passwords by breaking the hashes stored on the device.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: WEB-MASTER: 7.9
External links: http://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.