KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability.
References
Link | Resource |
---|---|
https://tiger-team-1337.blogspot.com/2021/01/kaco-xp100u-hmi-credential-leak.html | Exploit Technical Description Third Party Advisory |
https://twitter.com/Kevin2600/status/1351189347501023238 | Third Party Advisory |
https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-15-224-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-23T14:15:32
Updated: 2021-02-23T14:15:32
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-3252
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-23T15:15:15.967
Modified: 2021-02-27T03:24:09.083
Link: CVE-2021-3252
JSON object: View
Redhat Information
No data.
CWE