Vulnerabilities > CVE-2017-5144 - Multiple Security vulnerability in Multiple Carlo Gavazzi Products ICSA-17-012-03

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

carlosgavazzi

NVD

Published: 2017-02-13

Updated: 2019-10-03

Summary

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication.

Vulnerable Configurations

Part	Description	Count
OS	Carlosgavazzi Carlosgavazzi VMU C EM Firmware - Carlosgavazzi VMU C PV Firmware -	2
Hardware	Carlosgavazzi Carlosgavazzi VMU C EM - Carlosgavazzi VMU C PV -	2

References

http://www.securityfocus.com/bid/95411
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03