CVE-2018-19009
Summary
| CVE | CVE-2018-19009 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-25 20:29:00 UTC |
| Updated | 2020-09-18 16:39:00 UTC |
| Description | Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device. |
Risk And Classification
Problem Types: CWE-312
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pilz | Pnozmulti Configurator | All | All | All | All |
| Application | Pilz | Pnozmulti Configurator | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pilz PNOZmulti Configurator | CISA | MISC | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource |
| Pilz PNOZmulti Configurator CVE-2018-19009 Local Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.