CVE-2024-5947 Scanner
CVE-2024-5947 scanner - Information Disclosure vulnerability in Deep Sea Electronics DSE855
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4
Toolbox: -
Deep Sea Electronics DSE855 is widely used in industrial and commercial settings for power generation control. It is commonly implemented by facility managers and technicians to ensure seamless operation of power systems. The device offers remote monitoring and control capabilities via a web-based UI. It is designed to support critical power infrastructure in diverse environments. Users depend on the DSE855 for reliable and secure power management solutions.
The DSE855 has a vulnerability that allows attackers to bypass authentication mechanisms. This flaw exists in the web-based UI of the device. An attacker can exploit this vulnerability to access sensitive information without needing to authenticate. This can lead to disclosure of stored credentials and other sensitive data.
The vulnerability is found in the web-based user interface of the DSE855. Specifically, the issue is due to the lack of authentication required to access the configuration backup functionality. Attackers can send a request to download the backup file (Backup.bin) without authenticating. The downloaded file can contain sensitive information such as stored credentials. This flaw is exploited by sending crafted HTTP requests to the device.
Exploiting this vulnerability can lead to unauthorized access to sensitive information. Attackers may obtain stored credentials, enabling further unauthorized access to the device and network. This can compromise the security of the entire power management system. Additionally, it can lead to potential manipulation or disruption of power control operations.
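A defender-side check for the behaviour described above, added here as an example and not taken from this page or from the vendor: it scans reverse-proxy access logs for successful Backup.bin downloads that originate outside the management network. The reverse proxy in front of the device, the Combined Log Format, the sample log lines and the 192.0.2.0/24 management range are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Combined Log Format as written by a reverse proxy placed in front of the
# controller (assumed deployment; the device's own logging is not described).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/2024:08:01:17 +0000] "GET /Backup.bin HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [12/Jun/2024:09:44:02 +0000] "GET /Backup.bin HTTP/1.1" 200 20480 "-" "curl/8.5.0"',
    '203.0.113.77 - - [12/Jun/2024:09:44:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '198.51.100.5 - - [12/Jun/2024:10:15:40 +0000] "GET /backup.bin?x=1 HTTP/1.1" 403 0 "-" "-"',
]

def find_backup_downloads(lines, mgmt_networks):
    """Return (source, timestamp, bytes) for each successful Backup.bin
    download whose source is outside the given management networks."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        # Compare the file name only: the page names the file, not its URL path.
        name = urlsplit(m["target"]).path.rsplit("/", 1)[-1]
        if name.lower() != "backup.bin" or m["status"] != "200":
            continue
        try:
            inside = any(ipaddress.ip_address(m["src"]) in n for n in nets)
        except ValueError:
            inside = False  # client field is not an IP: report rather than skip
        if not inside:
            size = 0 if m["size"] == "-" else int(m["size"])
            hits.append((m["src"], m["ts"], size))
    return hits

if __name__ == "__main__":
    for src, ts, size in find_backup_downloads(SAMPLE_LOG, ["192.0.2.0/24"]):
        print(f"Backup.bin served to {src} at {ts} ({size} bytes)")
```

Any hit means a configuration backup left the device for an unexpected host, so the credentials stored in that configuration should be treated as exposed.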