An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.
References
| Link | Resource |
|---|---|
| https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EZGyNsndR-hNgtWtDsxoRAoBchaLX4o7RWdTiX1qgD19WQ?e=I9uW0p | Vendor Advisory |
| https://twitter.com/FIMERspa | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-11-03T09:56:43
Updated: 2021-11-03T09:56:43
Reserved: 2021-05-19T00:00:00
Link: CVE-2021-33210
NVD Information
Status: Analyzed
Published: 2021-11-03T10:15:07.693
Modified: 2021-11-05T11:45:36.557
Link: CVE-2021-33210
Redhat Information
No data.
CWE