ID
VAR-201802-1343
TITLE
Multiple vulnerabilities in Sprecher AutomationSPRECON-E-C, PU-2433
Trust: 0.6
DESCRIPTION
Sprecher Automation GmbH provides switching equipment and automation solutions for energy, industrial and infrastructure construction. Power facilities, industries, transportation companies, municipal utilities and public institutions are all customers. (1) The authentication path traversal vulnerability exists in the web interface of Sprecher PLC. Allow authenticated users to read target system files. (2) Sprecher Automation SPRECON-E-C, PU-2433 client has a password hashing vulnerability. Since the hash of the password is calculated on the browser side, the hash of the password can also be used for login. (3) Sprecher Automation SPRECON-E-C, PU-2433 There is an unauthorized access vulnerability in the Telnet management service. Because the PLC is open telnet management service on TCP/2048 port. This interface can be used to control the PLC without any authentication. (4) Sprecher Automation SPRECON-E-C, PU-2433 has a denial of service vulnerability. A positive TCP SYN scan of a large number of ports triggers a PLC denial of service. Causes DOS attacks. Manual intervention is required to restore service availability. (5) Sprecher Automation SPRECON-E-C, PU-2433 has an old kernel vulnerability. Because the Linux kernel version of the PLC operating system is too old. Lead to a large number of known security vulnerabilities, potential security risks
Trust: 0.72
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
AFFECTED PRODUCTS
| vendor: | sprecher automation | model: | sprecon-e-c pu-2433 | scope: | lt | version: | 8.49 | Trust: 0.6 |
| vendor: | sprecher automation | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | sprecher | model: | automation sprecon-e-c pu-2433 | scope: | lt | version: | 8.49 | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
TYPE
other
Trust: 0.2
PATCH
| title: | Sprecher AutomationSPRECON-E-C, PU-2433 patch with multiple vulnerabilities | url: | https://www.cnvd.org.cn/patchinfo/show/115605 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2018-02693 | Trust: 0.8 |
| db: | IVD | id: | E2E35191-39AB-11E9-9AC8-000C29342CB1 | Trust: 0.2 |
REFERENCES
| url: | http://seclists.org/fulldisclosure/2018/jan/101?utm_source=feedburner&utm_medium=twitter&utm_campaign=feed%3a+seclists%2ffulldisclosure+%28full+disclosure%29 | Trust: 0.6 |
SOURCES
| db: | IVD | id: | e2e35191-39ab-11e9-9ac8-000c29342cb1 |
| db: | CNVD | id: | CNVD-2018-02693 |
LAST UPDATE DATE
2022-05-17T01:45:10.750000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-02693 | date: | 2018-02-02T00:00:00 |
SOURCES RELEASE DATE
| db: | IVD | id: | e2e35191-39ab-11e9-9ac8-000c29342cb1 | date: | 2018-02-02T00:00:00 |
| db: | CNVD | id: | CNVD-2018-02693 | date: | 2018-02-02T00:00:00 |