CVE-2015-3971
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
28/10/2015
Last modified:
12/04/2025
Description
The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:h:janitza:umg_508:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:janitza:umg_509:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:janitza:umg_511:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:janitza:umg_604:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:janitza:umg_605:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page