107 matches found
Elspec G5 digital fault recorder security vulnerability
The Elspec G5 digital fault recorder is a digital fault recorder from Elspec, Israel, used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 digital fault recorder version 1.1.4.15 and prior versions, which is caused by the presenc...
CVE-2024-22079
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism...
CVE-2024-22078
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to...
CVE-2024-22084
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files...
Elspec G5 digital fault recorder security vulnerability
Elspec G5 digital fault recorder is a digital fault recorder from Elspec, Israel, used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 digital fault recorder version 1.1.4.15 and prior versions, which originates from allowing an...
Elspec G5 digital fault recorder security vulnerability
The Elspec G5 digital fault recorder is a digital fault recorder from Elspec, Israel, used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 digital fault recorder version 1.1.4.15 and earlier, which originates from an...
CVE-2024-22083
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks...
CVE-2024-22079
Elspec G5 digital fault recorder (versions ≤ 1.1.4.15) is affected by a path traversal vulnerability exploitable through the system logs download mechanism. The issue allows traversal of directories to access logs and potentially sensitive files. Publicly available sources corroborate the vulnera...
CVE-2024-22083
The vulnerability CVE-2024-22083 affects Elspec G5 digital fault recorder versions 1.1.4.15 and earlier. The issue is a hardcoded backdoor session ID that enables unauthorized access to the device, including reconfiguration tasks. Affected components are the system’s session handling/backdoor mec...
CVE-2024-22085
CVE-2024-22085 affects Elspec G5 digital fault recorder, versions 1.1.4.15 and older. The vulnerability is that the shadow file is world readable, enabling local access to sensitive account data and impacting confidentiality. The CVSSv3.1 vector is AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N with a base ...
CVE-2024-22081
CVE-2024-22081 affects Elspec G5 digital fault recorder versions 1.1.4.15 and earlier, with unauthenticated memory corruption possible in the HTTP header parsing mechanism. The issue is described across multiple sources (RH, NVD, Tenable/NASL, CVE lists) as a memory corruption vulnerability explo...
CVE-2024-22077
An issue in Elspec G5 digital fault recorder versions 1.1.4.15 and earlier is reported. The root cause is weak permissions on the SQLite database file, potentially enabling unauthorized access to stored data. Public sources agree on the affected versions and the weak-file-permissions trait, but p...
Elspec G5 digital fault recorder security vulnerability
The Elspec G5 digital fault recorder is a digital fault recorder from Elspec, Israel, used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 digital fault recorder version 1.1.4.15 and earlier, which stems from weak file system...
Elspec G5 digital fault recorder security vulnerability
Elspec G5 digital fault recorder is a digital fault recorder from Elspec, Israel, used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 digital fault recorder version 1.1.4.15 and earlier, which stems from weak file permissions in...
CVE-2024-22083
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks...
CVE-2024-22085
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable...
CVE-2024-22084
CVE-2024-22084 affects Elspec G5 digital fault recorder up to version 1.1.4.15, where cleartext passwords and hashes are exposed through log files. Root cause: credentials stored in log output. Impact: potential credential disclosure via logs. Connected sources confirm the vendor advisory and mul...
CVE-2024-22077
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions...
CVE-2024-22078
CVE-2024-22078 affects Elspec G5 digital fault recorder (versions 1.1.4.15 and earlier). The root cause is weak filesystem permissions on the network configuration script, allowing world-writable access and enabling privilege escalation from a standard user to administrator. Public descriptions c...
CVE-2024-22080
Affected product: Elspec G5 digital fault recorder (versions 1.1.4.15 and earlier). Vulnerability: Unauthenticated memory corruption during XML body parsing. Root cause: memory corruption in XML parsing path. Impact: high confidentiality, integrity, and availability impact (per CVSS 3.1 base metr...