Automated logic web ctrl demo
11/9/2022

Successful exploitation of this vulnerability could allow an attacker to redirect the user to a malicious webpage or to download a malicious file.

TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Carrier reports this vulnerability affects the following Automated Logic WebCtrl Server building automation software products:

3.2 VULNERABILITY OVERVIEW

3.2.1 OPEN REDIRECT CWE-601

WebCtrl Version 6.1 “Help” index pages are vulnerable to open redirection. If a user visits a maliciously crafted URL, this vulnerability could allow an attacker to redirect a user to a malicious webpage or download a malicious file.

CVE-2022-1019 has been assigned to this vulnerability. A CVSS v3 base score of 5.2 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
COMPANY HEADQUARTERS LOCATION: United States

Chizuru Toyama of TXOne IoT/ICS Security Research Labs, working with Trend Micro’s Zero Day Initiative, reported this vulnerability to CISA.

MITIGATIONS

Carrier recommends users contact an Automated Logic dealer for instructions to download the latest version of WebCTRL.

Carrier also recommends the following manual workaround: An administrator can add the CSP header/meta tag to each “index.htm” file in each of the directories under “/webroot/_common/lvl5/help/*”.

Please see Carrier product security advisory CARR-PSA-001-1121 for more information.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.
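A read-only check for the manual workaround described above, as an added example that is not Carrier's or CISA's code: it lists which help “index.htm” pages carry a CSP meta tag and which do not. The install-root argument and the function names are assumptions, and because the text here does not give the policy value, the script only reports what it finds.

```python
import sys
from html.parser import HTMLParser
from pathlib import Path

# Relative path from the advisory text; the install root in front of it is an assumption.
HELP_SUBPATH = Path("webroot/_common/lvl5/help")


class CspMetaFinder(HTMLParser):
    """Collects the content of each <meta http-equiv="Content-Security-Policy"> tag."""

    def __init__(self):
        super().__init__()
        self.policies = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}  # the parser lowercases attribute names
        if a.get("http-equiv", "").strip().lower() == "content-security-policy":
            self.policies.append(a.get("content", "").strip())


def csp_policies(html_text):
    """Return CSP meta policies in the markup; commented-out tags are not counted."""
    finder = CspMetaFinder()
    finder.feed(html_text)
    finder.close()
    return finder.policies


def audit_help_pages(install_root):
    """Map each index.htm under the help directory to its non-empty CSP policies."""
    help_dir = Path(install_root) / HELP_SUBPATH
    report = {}
    # rglob also covers nested directories, a superset of what the workaround names
    for page in sorted(help_dir.rglob("index.htm")):
        text = page.read_text(encoding="utf-8", errors="replace")
        found = [p for p in csp_policies(text) if p]  # empty content gives no protection
        report[page.relative_to(help_dir).as_posix()] = found
    return report


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_csp.py <WebCTRL install root>")
    results = audit_help_pages(sys.argv[1])
    for page, policies in results.items():
        print(f"{'OK     ' if policies else 'MISSING'} {page} {policies}")
    sys.exit(1 if any(not p for p in results.values()) else 0)
```

Pages that receive the policy as an HTTP response header rather than a meta tag will show as MISSING here, since the script reads only the files on disk.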