
Bender: COMTRAXX < 4.2.0 affected by inadequate credentials check vulnerability

VDE-2020-043
Last update
10/16/2020 08:54
Published at
10/16/2020 08:54
Vendor(s)
Bender GmbH & Co. KG
External ID
VDE-2020-043

Summary

Bender is publishing this advisory to inform customers about a security vulnerability in all devices running the COMTRAXX software.

The user authorization is validated for most, but not all routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization.

Impact

The vulnerability allows a malicious entity to bypass the credential check.

Affected Product(s)

Model no.                     | Product name | Affected versions
95061070                      | COM465ID     | Firmware <4.2.0
95061065, 95061066            | COM465IP     | Firmware <4.2.0
95061030                      | CP700        | Firmware <4.2.0
95061080                      | CP907        | Firmware <4.2.0
95061081, 95061085, 95061092  | CP915        | Firmware <4.2.0

Vulnerabilities


Published
09/22/2025 14:58
Weakness
Missing Authorization (CWE-862)
Summary

In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0.
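Added example, not Bender's code and not taken from COMTRAXX: a constructed route table that reproduces the advisory's failure mode (a per-route list of protected paths that omits one route) next to a deny-by-default dispatcher and an audit function that would flag the omission in a test. The paths, handlers and user values are assumptions.

```python
# Added example, not Bender's code: models the CWE-862 pattern in this advisory
# (authorization checked on most routes but not all) with a constructed route
# table, plus the deny-by-default dispatch and a route audit that closes the gap.

ROUTES = {}  # path -> (handler, public flag); every entry below is a constructed sample

def route(path, public=False):
    """Register a handler. Public routes must be declared explicitly."""
    def register(func):
        ROUTES[path] = (func, public)
        return func
    return register

@route("/api/config/read")
def read_config(user):
    return {"device": "COM465IP", "note": "constructed config"}

@route("/api/config/write")
def write_config(user):
    return "written"

@route("/api/status", public=True)
def status(user):
    return "ok"

# Vulnerable pattern: a hand-maintained set of routes that receive the check.
# The write route was never added, so it is served without any credentials.
PROTECTED = {"/api/config/read"}

def dispatch_allowlist(path, user):
    if path not in ROUTES:
        return 404, "not found"
    if path in PROTECTED and user is None:
        return 401, "unauthorized"
    return 200, ROUTES[path][0](user)

# Hardened pattern: every route requires a user unless registered as public,
# so a forgotten route fails closed instead of open.
def dispatch_deny_by_default(path, user):
    if path not in ROUTES:
        return 404, "not found"
    handler, public = ROUTES[path]
    if not public and user is None:
        return 401, "unauthorized"
    return 200, handler(user)

def audit_unprotected_routes():
    """Routes the allowlist misses; run this as a unit test to catch the regression."""
    return sorted(p for p, (_, public) in ROUTES.items()
                  if not public and p not in PROTECTED)
```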

References

Mitigation

• restrict network access to the above-mentioned devices

• install the latest software update

Remediation

Please install V4.2.0. (https://www.bender.de/service-support/downloadbereich)

Revision History

Version | Date             | Summary
1       | 10/16/2020 08:54 | Initial revision.