Cross-Site Request Forgery Vulnerability in Janitza UMG Devices
CVE-2015-3967

Currently unrated

Key Information:

Vendor: Janitza
Status: Umg 511; Umg 509; Umg 508; Umg 604
Vendor: CVE Published:; 28 October 2015

What is CVE-2015-3967?

A critical security flaw has been identified in Janitza UMG 508, 509, 511, 604, and 605 devices that could enable remote attackers to hijack user authentication through cross-site request forgery (CSRF). This vulnerability allows malicious actors to exploit the system by executing unauthorized commands on behalf of users who are authenticated. Proper mitigation is essential to protect sensitive data and maintain the integrity of the affected devices.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2015
Vulnerability Reserved
May 12, 2015

CVE-2015-3967 Data

JSON