Janitza Multiple UMG Devices Remote Debug Interface RCE

Severity: High, Nessus Plugin ID: 87891


The remote host has an exposed debug service that allows access to system functionality.


The remote host has an unprotected debug interface. An unauthenticated, remote attacker can exploit this to execute system commands and JASIC code.


Upgrade to an experimental firmware version available from the vendor website. Alternatively, secure non-essential ports with a firewall per the vendor documentation.


Plugin Details

Severity: High

ID: 87891

File Name: scada_janitza_debug_svc.nbin

Version: 1.16

Type: remote

Family: SCADA

Published: 2016/01/13

Modified: 2018/01/29

Dependencies: 11153

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/h:janitza:umg_508, cpe:/h:janitza:umg_509, cpe:/h:janitza:umg_511, cpe:/h:janitza:umg_604, cpe:/h:janitza:umg_605

Patch Publication Date: 2015/09/21

Vulnerability Publication Date: 2015/10/22

Reference Information

CVE: CVE-2015-3971

BID: 77291

OSVDB: 129348