Information disclosure

2023-06-1114:15:00

PRIOn knowledge base

www.prio-n.com

information disclosure

unauthorized access

sensitive information

internal ip address

usernames

device values

nvd

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.2%

JSON

The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.

CPENameOperatorVersion
ak-em100_firmwarelt2.2.0.12

CPE	Name	Operator	Version
	ak-em100_firmware	lt	2.2.0.12

References

csirt.divd.nl/DIVD-2023-00021

divd.nl/cves/CVE-2023-25912