CVE-2019-13941
Last modified
CVE-2019-13941 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. EPSS estimates a 1.62% chance of exploitation in the next 30 days.
Description
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Ozw672 Firmware | < 10.00 |
| Siemens | Ozw772 Firmware | < 10.00 |
References
- https://www.us-cert.gov/ics/advisories/icsa-20-042-09Third Party Advisory, US Government Resource
- https://www.us-cert.gov/ics/advisories/icsa-20-042-09Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-13941?
How severe is CVE-2019-13941?
How do I fix CVE-2019-13941?
Are you affected by CVE-2019-13941?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST