Advisories | CERT@VDE

2019-06-04 15:21 VDE-2019-012

TECSON/GOK: Improper Authentication and Access Control on multiple devices

A security researcher discovered that the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.

CVE-2019-12254: 9.8

Feeds

RSS / Atom

By Vendor

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (14)

Bender (2)

CODESYS (13)

Endress+Hauser (12)

Festo (11)

Festo Didactic (7)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (11)

HIMA (2)

ifm (3)

Innominate (2)

Lenze (3)

MB connect line (11)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (30)

PHOENIX CONTACT (87)

Pilz (13)

Red Lion Europe (4)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (4)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (58)

Weidmueller (10)

Welotec (3)

Wiesemann & Theis (3)

Archive

2024

November (1)
October (8)
September (8)
August (9)
July (7)
June (4)
May (4)
April (3)
March (2)
February (6)
January (7)

2023

December (14)
November (5)
October (5)
September (5)
August (13)
July (5)
June (3)
May (4)
April (1)
March (3)
February (3)
January (2)

2022

December (5)
November (10)
October (5)
September (7)
August (4)
July (4)
June (7)
May (3)
April (11)
March (5)
January (5)

2021

December (2)
November (6)
October (5)
September (2)
August (10)
July (3)
June (9)
May (6)
April (2)
March (3)
February (3)
January (4)

2020

December (4)
November (3)
October (6)
September (8)
August (1)
July (3)
June (4)
May (2)
March (12)
February (2)

2019

December (2)
October (3)
September (1)
June (4)
May (2)
March (6)
January (1)

2018

October (1)
September (1)
August (2)
July (3)
May (4)
March (1)
February (1)
January (2)

2017

December (2)
November (1)
September (1)
March (1)

Legend

(Scoring for CVSS 2.0,3.0+3.1)

None

No CVE available

Low

0.1 <= 3.9

Medium

4.0 <= 6.9

High

7.0 <= 8.9

Critical

9.0 <= 10.0