CVE-2024-0860 – Cleartext Transmission of Sensitive Information in Softing edgeConnector and edgeAggregator

https://notcve.org/view.php?id=CVE-2024-0860

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. El producto afectado es vulnerable a una transmisión de texto plano de información confidencial, lo que puede permitir a un atacante capturar paquetes para manipular sus propias solicitudes. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 8099 by default. HTTP traffic to this port contains unprotected credentials. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13 • CWE-319: Cleartext Transmission of Sensitive Information •