Vulnerabilities > CVE-2019-6549 - Credentials Management vulnerability in Kunbus Pr100088 Modbus Gateway Firmware 1.1.13166

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

kunbus

CWE-255

NVD

Published: 2019-02-12

Updated: 2019-10-09

Summary

An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP.

Vulnerable Configurations

Part	Description	Count
OS	Kunbus Kunbus Pr100088 Modbus Gateway Firmware 1.1.13166	1
Hardware	Kunbus Kunbus Pr100088 Modbus Gateway -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05