Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Iconics GENESIS32和BizViz 加密问题漏洞
Vulnerability Description
ICONICS GENESIS32是美国ICONICS公司的一套面向Web应用、模块化的工控自动化软件(HMI/SCADA)。该软件提供项目开发与协同、可视化数据回放和报警管理等功能。 ICONICS GENESIS32 9.22版本和早期版本、BizViz 9.22版本和早期版本中的Security Configurator组件中的lockout-recovery功能中存在漏洞,该漏洞源于生成验证码时使用不正确的加密算法。本地攻击者可利用该漏洞预测一种挑战响应,绕过目地访问限制并获取管理的访问。
CVSS Information
N/A
Vulnerability Type
N/A