#VU15163 Improper authentication in EMG 12
Vulnerability identifier: #VU15163
Vulnerability risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-287
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
EMG 12
Hardware solutions /
Firmware
Vendor: Entes Electronics
Description
The vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists in a web interface due to improper authentication. A remote unauthenticated attacker can a web interface and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Update to the latest version.
Vulnerable software versions
EMG 12: All versions
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-275-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
