S4E

CVE-2024-5421 Scanner

CVE-2024-5421 scanner - Arbitrary File Disclosure vulnerability in SEH utnserver Pro/ProMAX/INU-100

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

1 month 3 days

Scan only one

URL

Toolbox

-

The SEH utnserver Pro/ProMAX/INU-100 is utilized in various industrial applications to manage and expose data services. Developed for secure file handling, it supports authenticated access to various files and directories. However, due to vulnerabilities, sensitive information can be improperly accessed. Organizations depend on it for reliable data management, but must ensure security. Regular vulnerability checks are crucial for maintaining integrity and confidentiality.

The identified vulnerability allows for arbitrary file disclosure within the SEH utnserver Pro/ProMAX/INU-100. This flaw permits authenticated users to access sensitive files that should be protected. While authentication is required, the vulnerability poses a significant risk of data exposure. It has been publicly disclosed as CVE-2024-5421, highlighting the importance of prompt remediation.

This vulnerability is found in the file handling functions of the SEH utnserver Pro, utnserver ProMAX, and INU-100. Specifically, it is triggered by unauthorized access attempts to the /info/dir?/ endpoint. The vulnerability arises when the server improperly processes requests, allowing sensitive information leakage. The presence of indicators in the response body signifies potential exposure of file system information. As a result, even authenticated users may retrieve data that could compromise security.

If exploited, this vulnerability can lead to significant data exposure, allowing unauthorized access to sensitive files. Malicious users could leverage this access for various nefarious purposes, including data theft and system compromise. Such breaches could result in reputational damage and financial loss for organizations. Additionally, it may violate compliance requirements and lead to legal repercussions.

By becoming a member of the S4E platform, you gain access to advanced vulnerability detection tools tailored to protect your digital assets. Our platform not only identifies vulnerabilities but also provides actionable remediation strategies. You’ll benefit from continuous monitoring, ensuring your systems are secure against evolving threats. Join us to enhance your cybersecurity posture and safeguard your valuable data.

References:

Get started to protecting your Free Full Security Scan