ГлавнаяУязвимости → CVE-2024-23766
7.5высокая

CVE-2024-23766

Описание

An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway (or at least most of its modules). An attacker can use this feature to carry out a denial of service attack by continuously sending GET requests to that URL.

CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://sensepost.com/blog/2024/targeting-an-industrial-protocol-gateway/https://sensepost.com/blog/2024/targeting-an-industrial-protocol-gateway/