CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.
An attacker with network access to the Circutor Q-SMT device's web interface can bypass login page security without providing valid authentication credentials. After successfully bypassing authentication (CWE-1284 — improper input validation), they gain access to all functions available through the web interface. The ability to freely use these functions enables, among other things, conducting a denial of service attack that could potentially disable the device.
An attacker can take full control of the device's web functions and cause its unavailability through a DoS attack, which in an industrial environment may result in disruption of continuous energy monitoring and management.
Patches available from the manufacturer should be applied according to references. It is also recommended to restrict access to the device's web interface exclusively to trusted hosts at the firewall and network level, until the official manufacturer patch is deployed.
Circutor Q-SMT with firmware version 1.0.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HCircutor Q Smt
HWCircutorwszystkie wersjeCircutor Q Smt Firmware
OSCircutor1.0.4
Related vulnerabilities
Brak wygasania tokenów sesji w Circutor Q-SMT Firmware 1.0.4
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, coul...
An attacker with no knowledge of the current users in the web application, could build a dictionary of potenti...
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 (TACACS+)
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 via SetLan