Vulnerability Information
Vulnerability Title
ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 2.x exposures sensitive information to an unauthorized actor
Vulnerability Description
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with firmware version V2.0.0 and above are prone to exposure of sensitive information to an unauthorized actor. The firmware uses a dynamic token for each request submitted to the server, which makes repeating and analyzing requests more complex. Nevertheless, it is possible, and during the analysis it was discovered that the server-side access-control matrix also has an issue: a user with low rights can get information from endpoints that should not be available to this user.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
Endress+Hauser Ecograph Information Disclosure Vulnerability
Vulnerability Description
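Endress+Hauser Ecograph is a data logger from the Swiss company Endress+Hauser. It is used to record and visualize all process sequences securely and completely. Endress+Hauser Ecograph T V2.0.0 and later versions contain an information disclosure vulnerability, which stems from the product being prone to exposing sensitive information to unauthorized actors.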
CVSS Information
N/A
Vulnerability Type
N/A