Authentication Bypass in Janitza UMG Devices
CVE-2015-3971

Currently unrated

Key Information:

Vendor: Janitza
Status: Umg 511; Umg 509; Umg 508; Umg 604
Vendor: CVE Published:; 28 October 2015

What is CVE-2015-3971?

The debug interface of Janitza UMG 508, 509, 511, 604, and 605 devices lacks authentication safeguards, enabling remote attackers to gain unauthorized access. By exploiting this vulnerability, attackers can read and write files or execute arbitrary JASIC code through a session on TCP port 1239, raising serious concerns about system integrity and data security.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2015
Vulnerability Reserved
May 12, 2015

CVE-2015-3971 Data

JSON