CVE-2015-4051 – Beckoff CX9020 CPU Model Remote Code Execution

https://notcve.org/view.php?id=CVE-2015-4051

05 Jun 2015 — Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi. Beckhoff IPC Diagnostics anterior a 1.8 no restringe correctamente el acceso a funciones en /config, lo que permite a atacantes remotos causar una denegación de ... • http://ftp.beckhoff.com/download/document/IndustPC/Advisory-2015-001.pdf • CWE-284: Improper Access Control •