An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/154789/SMA-Solar-Technology-AG-Sunny-WebBox-1.6-Cross-Site-Request-Forgery.html | Third Party Advisory |
https://www.us-cert.gov/ics/advisories/icsa-19-281-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2019-10-09T15:26:53
Updated: 2019-10-10T16:06:06
Reserved: 2019-07-11T00:00:00
Link: CVE-2019-13529
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-09T16:15:14.310
Modified: 2019-10-15T16:54:29.497
Link: CVE-2019-13529
JSON object: View
Redhat Information
No data.
CWE