Pilz: Missing Authentication in Node-RED integration

An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

关键功能的认证机制缺失

Pilz IndustrialPI 访问控制错误漏洞

Pilz IndustrialPI是德国Pilz个人开发者的一个工业物联网的网关。 Pilz IndustrialPI存在访问控制错误漏洞，该漏洞源于默认未配置Node_RED服务器身份验证导致命令执行。

N/A

N/A