Back to search
CVE-2024-5434
Published: May 28, 2024
Modified: Aug 1, 2024
PUBLISHED
Description
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to gain access to the file, passwords could be decoded and reused to gain access.
| Vendor | Product | Versions |
|---|---|---|
Campbell Scientific | CSI Web Server and RTMC | affected CSI Web Server 1.6affected RTMC 5.0 |
Weaknesses (CWE)
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-149-01
government-resource
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now