22 matches found
Martem TELEM GW6/GWM Privilege Vulnerability
Martem TELEM GW6/GWM are both data processor products of Martem Estonia. A security vulnerability exists in previous versions of Martem TELEM GW6/GWM 2.0.87-4018403-k4. An attacker can exploit the vulnerability by connecting to the RTU using default credentials to modify/upload new system...
Default credentials
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU...
CVE-2018-10605
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU...
CVE-2018-10605
CVE-2018-10605 affects Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4. The vulnerability stems from Incorrect Default Permissions (CWE-276): an attacker can connect to the RTU using default credentials to modify/upload a new system configuration or take full control of the RTU, due to m...
CVE-2018-10605
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU...
CVE-2018-10603
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process...
Code injection
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel...
CVE-2018-10603
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process...
CVE-2018-10607
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel...
CVE-2018-10607
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel...
CVE-2018-10609
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...
Authentication flaw
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process...
CVE-2018-10609
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...
CVE-2018-10603
CVE-2018-10603 affects Martem TELEM-GW6 and GWM devices running firmware 2018.04.18-linux_4-01-601cb47 and prior. The root cause is missing authentication for IEC-104 control commands (CWE-306), enabling a rogue node to remotely control the industrial process. Public documents confirm a high/seve...
CVE-2018-10603
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process...
CVE-2018-10607
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel...
CVE-2018-10607
CVE-2018-10607 affects Martem TELEM-GW6 and GWM devices. The vulnerability allows creating new connections to one or more IOAs without properly closing them, causing a denial of service in the industrial process control channel. Affected firmware: 2018.04.18-linux_4-01-601cb47 and prior; remediat...
CVE-2018-10609
CVE-2018-10609 affects Martem TELEM-GW6/GWM devices; vulnerability lies in improper sanitization of data over WebSocket, enabling cross-site scripting and client-side code execution with target user privileges. Affected firmware: GW6/GWM
CVE-2018-10609
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...
Martem TELEM-GW6/GWM Cross-Site Scripting Vulnerability
Martem specializes in providing remote control systems for monitoring and controlling distribution networks, and its customers include distribution companies as well as industrial and transportation companies that own their own power grids. A cross-site scripting vulnerability exists in Martem...