Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 1.x has improper privilege management
Vulnerability Description
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic "tokens". The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
Endress+Hauser Ecograph T 访问控制错误漏洞
Vulnerability Description
Endress+Hauser RSG35是瑞士Endress+Hauser公司的一个用于工业生产过程中对过程进行监控的图形数据管理器。Endress+Hauser Endress+Hauser ORSG35是瑞士Endress+Hauser公司的一个用于工业生产过程中对过程进行监控的图形数据管理器。 Endress+Hauser Ecograph T 2.0.0之前版本存在访问控制错误漏洞,该漏洞源于不适当的特权管理。受影响的设备具有基于web的用户界面和基于角色的访问系统。不同角色的用户具有不同的写和读
CVSS Information
N/A
Vulnerability Type
N/A