CVE-2018-19009

Published: Jan 25, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.

Affected (1)

Products: Pilz: Pnozmulti Configurator

1 product

Pnozmulti Configurator

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pilz Pnozmulti Configurator	Before 10.9.0

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

http://www.securityfocus.com/bid/106529

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/106529

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.