Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Access Control in EFACEC UC 500E
Vulnerability Description
A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
EFACEC UC 500 访问控制错误漏洞
Vulnerability Description
EFACEC UC 500是葡萄牙EFACEC公司的一种解决方案,为公用事业和工业应用提供一体化的灵活通信网关、自动化平台和 HMI 解决方案。 EFACEC UC 500 存在访问控制错误漏洞,该漏洞源于没有管理员权限且有权访问 UC500 Windows 系统的用户可以对正在运行的进程执行内存转储,并提取明确的凭据或有效的会话令牌。
CVSS Information
N/A
Vulnerability Type
N/A