Information Exposure in INGEPAC DA AU
CVE-2017-20007

5.3MEDIUM

Key Information:

Vendor: Ingeteam
Status: Ingepac Da Au
Vendor: CVE Published:; 25 October 2021

What is CVE-2017-20007?

Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device´s web service could exploit this vulnerability in order to obtain different configuration files.

Affected Version(s)

INGEPAC DA AU AUC_1.13.0.28

References

https://www.incibe-cert.es/en/early-warning/ics-advisorie...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2021
Vulnerability Reserved
Sep 29, 2021

Credit

Industrial Cybersecurity team of S21sec, special mention to Jacinto Moral Matellán.

CVE-2017-20007 Data

JSON