cvelist/2024/1xxx/CVE-2024-1039.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-1039",
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "\nGessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.\n\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "USE OF WEAK CREDENTIALS CWE-1391",
                        "cweId": "CWE-1391"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Gessler GmbH",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "WEB-MASTER",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "7.9"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01",
                "refsource": "MISC",
                "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Gessler GmbH recommends updating EZ2 to 3.2 or greater and WebMaster to 4.4 or greater to mitigate these vulnerabilities. Updates have to be applied by Gessler GmbH technicians. For more information contact </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.gessler.de/en/contact-us/\">Gessler GmbH</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
                }
            ],
            "value": "\nGessler GmbH recommends updating EZ2 to 3.2 or greater and WebMaster to 4.4 or greater to mitigate these vulnerabilities. Updates have to be applied by Gessler GmbH technicians. For more information contact  Gessler GmbH https://www.gessler.de/en/contact-us/ .\n\n\n"
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Felix Eberstaller and Nino F\u00fcrthauer of Limes Security "
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2024-01-29 16:00:36 +00:00			`{`
"-Synchronized-Data." 2024-02-01 22:00:33 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-01-29 16:00:36 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-1039",`
"-Synchronized-Data." 2024-02-01 22:00:33 +00:00			`"ASSIGNER": "ics-cert@hq.dhs.gov",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-01-29 16:00:36 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-02-01 22:00:33 +00:00			`"value": "\nGessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.\n\n"`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "USE OF WEAK CREDENTIALS CWE-1391",`
			`"cweId": "CWE-1391"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Gessler GmbH",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "WEB-MASTER",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "7.9"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01",`
			`"refsource": "MISC",`
			`"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
			`},`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Gessler GmbH recommends updating EZ2 to 3.2 or greater and WebMaster to 4.4 or greater to mitigate these vulnerabilities. Updates have to be applied by Gessler GmbH technicians. For more information contact </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.gessler.de/en/contact-us/\">Gessler GmbH</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"`
			`}`
			`],`
			`"value": "\nGessler GmbH recommends updating EZ2 to 3.2 or greater and WebMaster to 4.4 or greater to mitigate these vulnerabilities. Updates have to be applied by Gessler GmbH technicians. For more information contact Gessler GmbH https://www.gessler.de/en/contact-us/ .\n\n\n"`
			`}`
			`],`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Felix Eberstaller and Nino F\u00fcrthauer of Limes Security "`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 9.8,`
			`"baseSeverity": "CRITICAL",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
"-Synchronized-Data." 2024-01-29 16:00:36 +00:00			`}`
			`]`
			`}`
			`}`