JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication

Vendor: JanTek Equipment: JTC-200 Vulnerabilities: Cross-site Request Forgery, Improper Authentication Advisory URL: https://ipositivesecurity.com/2017/10/28/ics-jantek-jtc-200-rs232-net-converter-advisory-published/ ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-283-02 CVE-ID...

CVE-2016-5789

A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request...

CVE-2016-5789

A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request...

CVE-2016-5789

The CVE-2016-5789 entry affects the JanTek JTC-200 all-versions TCP/IP converter. Connected sources confirm two adjacent issues: Cross-Site Request Forgery (CSRF) and Improper Authentication. CSRF enables an attacker to perform actions with the victim’s active session; Improper Authentication cou...

JanTek JTC-200

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: JanTek Equipment: JTC-200 Vulnerabilities: Cross-site Request Forgery, Improper Authentication AFFECTED PRODUCTS The following versions of JTC-200, a TCP/IP converter, are affected:...