Vulnerabilities > CVE-2024-31200 - Unspecified vulnerability in Proges Sensor NET Connect Firmware V2 2.24

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

proges

NVD

Published: 2024-07-31

Updated: 2024-08-12

Summary

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.

Vulnerable Configurations

Part	Description	Count
OS	Proges Proges Sensor NET Connect Firmware V2 2.24	1
Hardware	Proges Proges Sensor NET Connect V2 -	1

References

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31200