CVE-2018-19009
Last modified
CVE-2018-19009 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pilz | Pnozmulti Configurator | < 10.9.0 |
References
- http://www.securityfocus.com/bid/106529Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/106529Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-19009?
How severe is CVE-2018-19009?
How do I fix CVE-2018-19009?
Are you affected by CVE-2018-19009?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST