Pilz PNOZmulti Configurator CVE-2018-19009 Local Information Disclosure Vulnerability

Bugtraq ID:	106529
Class:	Design Error
CVE:	CVE-2018-19009
Remote:	No
Local:	Yes
Published:	Jan 10 2019 12:00AM
Updated:	Jan 10 2019 12:00AM
Credit:	Gjoko Krstikj of Applied Risk
Vulnerable:	Pilz PNOZmulti Configurator 10.0 Pilz PNOZmulti Configurator 9.6 Pilz PNOZmulti Configurator 9.0.1 Pilz PNOZmulti Configurator 10.8
Not Vulnerable:	Pilz PNOZmulti Configurator 10.9

Pilz PNOZmulti Configurator CVE-2018-19009 Local Information Disclosure Vulnerability

Pilz PNOZmulti Configurator is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to PNOZmulti Configurator 10.9 are vulnerable.

Pilz PNOZmulti Configurator CVE-2018-19009 Local Information Disclosure Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Pilz PNOZmulti Configurator CVE-2018-19009 Local Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Pilz PNOZmulti Configurator CVE-2018-19009 Local Information Disclosure Vulnerability

References:

• Pilz Homepage (Pilz)
  
• ICSA-19-010-03 Pilz PNOZmulti Configurator (CERT)