CVE-2015-4051 – Beckhoff IPC Diagnositcs Authentication Bypass

https://notcve.org/view.php?id=CVE-2015-4051

05 Jun 2015 — Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi. Beckhoff IPC Diagnostics anterior a 1.8 no restringe correctamente el acceso a funciones en /config, lo que permite a atacantes remotos causar una denegación de ... • https://packetstorm.news/files/id/132168 • CWE-284: Improper Access Control •