News

Dangerous vulnerability was discovered in Tecson monitoring devices

Instruments for monitoring oil tanks manufactured by the German company Tecson revealed a dangerous vulnerability that allows access to web settings panel without credentials.

For doing so, an attacker will only need to know address of web server and request format that was used.

“Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules”, — reported in Tecson.

While exploiting vulnerability, an attacker can access interface configuration and change settings, including passwords, alert settings, and output status data. Thus, it can affect the planned operations and carry out an attack on automation processes.

Vulnerability received a CVE-2019-12254 identifier; the degree of its danger is estimated at 9.8 points on the CVSS scale. The issue affects Tecson LX-Net, LX-Q-Net, e-litro net, SmartBox4 LAN and SmartBox4 pro LAN devices.

However, manufacturer fixed vulnerability with the release of firmware version 6.3. As a measure to prevent attacks, users are advised to disable port forwarding and remote access to vulnerable devices.

Source: https://cert.vde.com

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-xbuhoxu.store pop-up ads (Virus Removal Guide)

News-xbuhoxu.store is a domain that tries to force you into subscribing to its browser notifications…

4 hours ago

Remove News-xbadeyo.today pop-up ads (Virus Removal Guide)

News-xbadeyo.today is a site that tries to force you into clik to its browser notifications…

4 hours ago

Remove News-bbutohu.info pop-up ads (Virus Removal Guide)

News-bbutohu.info is a site that tries to trick you into clik to its browser notifications…

5 hours ago

Remove News-bbucoxe.today pop-up ads (Virus Removal Guide)

News-bbucoxe.today is a domain that tries to force you into clik to its browser notifications…

5 hours ago

Remove News-xdetake.cc pop-up ads (Virus Removal Guide)

News-xdetake.cc is a domain that tries to force you into clik to its browser notifications…

8 hours ago

Remove News-bbufiya.today pop-up ads (Virus Removal Guide)

News-bbufiya.today is a domain that tries to force you into subscribing to its browser notifications…

8 hours ago