Envitech Ltd. has an update available to mitigate an improper authentication vulnerability in its EnviDAS Ultimate, according to a report from ICS-CERT.

EnviDAS Ultimate is a web application for environmental monitoring. Versions prior to v1.0.0.5 suffer from the remotely exploitable issue, which was discovered by Can Demirel of Biznet Bilisim, who also tested the patch.

Successful exploitation of this vulnerability could allow an attacker to view and edit settings without authenticating and execute code remotely.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

The web application lacks proper authentication, which could allow an attacker to view information and modify settings or execute code remotely.

CVE-2017-9625 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.2.

The product sees use in the commercial facilities, communications, and water and wastewater systems sectors. It is also used on a global basis.

Israel-based Envitech Ltd. recommends that users of affected versions update to v1.0.0.5 or newer. The update can be obtained by emailing Envitech Ltd.
