Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-306,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| martem | telem-gw6_firmware | * |
| martem | telem-gwm_firmware | * |
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,CWE-1188,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| martem | telem-gw6_firmware | * |
| martem | telem-gwm_firmware | * |
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| martem | telem-gw6_firmware | * |
| martem | telem-gwm_firmware | * |
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| martem | telem-gw6_firmware | * |
| martem | telem-gwm_firmware | * |