CVE-2024-31486

medium

Description

A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-137-02

https://cert-portal.siemens.com/productcert/html/ssa-871704.html

Details

Source: Mitre, NVD

Published: 2024-05-14

Updated: 2024-05-14

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

Detections

Analytics