Information disclosure in SiteWatch Gateway - CVE-2017-6047
Published: May 17, 2017 / Updated: May 19, 2017
Vulnerability identifier: #VU6599
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-6047
CWE-ID: CWE-256
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Detcon
Affected software:
SiteWatch Gateway
SiteWatch Gateway
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to storing of passwords in plaintext. A remote attacker can bypass authentication and change settings on the affected product or obtain user passwords to conduct further attacks.
Successful exploitation of the vulnerability may result in information disclosure.
The weakness exists due to storing of passwords in plaintext. A remote attacker can bypass authentication and change settings on the affected product or obtain user passwords to conduct further attacks.
Successful exploitation of the vulnerability may result in information disclosure.
How to mitigate CVE-2017-6047
Install update from vendor's website.