Improper authentication in X-320M

#VU17077 Improper authentication in X-320M

Published: 2019-01-18

Vulnerability identifier: #VU17077

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18881

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
X-320M
Hardware solutions / Firmware

Vendor: ControlByWeb

Description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to improper or insufficient provement of a claim to be correct. A remote attacker can cause a denial of service condition.

Mitigation
Update to version 1.06.

Vulnerable software versions

X-320M: 1.00 - 1.05

External links
http://ics-cert.us-cert.gov/advisories/ICSA-19-017-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in ControlByWeb X-320M