Vulnerabilities > CVE-2017-20007 - Unspecified vulnerability in Ingeteam Ingepac DA AU Firmware Auc1.13.0.28

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ingeteam

NVD

Published: 2021-10-25

Updated: 2021-10-28

Summary

Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device´s web service could exploit this vulnerability in order to obtain different configuration files.

Vulnerable Configurations

Part	Description	Count
OS	Ingeteam Ingeteam Ingepac DA AU Firmware - Ingeteam Ingepac DA AU Firmware Auc_1.13.0.28	2
Hardware	Ingeteam Ingeteam Ingepac DA AU -	1

References

https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au