Search criteria
1 vulnerability by omntec
CVE-2024-6981 (GCVE-0-2024-6981)
Vulnerability from cvelistv5 ā Published: 2024-09-27 16:11 ā Updated: 2024-09-27 16:37
VLAI
Title
OMNTEC Proteus Tank Monitoring Missing Authentication for Critical Function
Summary
OMNTEC Proteus Tank Monitoring OEL8000III Series
could allow an attacker to perform administrative actions without proper authentication.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OMNTEC | Proteus Tank Monitoring |
Affected:
OEL8000III Series
|
|
| omntec | proteus_tank_monitoring |
Affected:
oel8000_iii_series
cpe:2.3:a:omntec:proteus_tank_monitoring:oel8000_iii_series:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:omntec:proteus_tank_monitoring:oel8000_iii_series:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "proteus_tank_monitoring",
"vendor": "omntec",
"versions": [
{
"status": "affected",
"version": "oel8000_iii_series"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T16:33:38.207492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:37:39.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proteus Tank Monitoring",
"vendor": "OMNTEC",
"versions": [
{
"status": "affected",
"version": "OEL8000III Series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OMNTEC Proteus Tank Monitoring OEL8000III Series\n\n\ncould allow an attacker to perform administrative actions without proper authentication."
}
],
"value": "OMNTEC Proteus Tank Monitoring OEL8000III Series\n\n\ncould allow an attacker to perform administrative actions without proper authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:11:26.742Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-06"
}
],
"source": {
"advisory": "ICSA-24-268-06",
"discovery": "EXTERNAL"
},
"title": "OMNTEC Proteus Tank Monitoring Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OMNTEC Mfg., Inc. has not responded to CISA\u0027s requests to coordinate at this time. Users can reach out to the vendor on their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.omntec.com/contact\"\u003ewebsite\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "OMNTEC Mfg., Inc. has not responded to CISA\u0027s requests to coordinate at this time. Users can reach out to the vendor on their website https://www.omntec.com/contact ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-6981",
"datePublished": "2024-09-27T16:11:26.742Z",
"dateReserved": "2024-07-22T13:39:53.735Z",
"dateUpdated": "2024-09-27T16:37:39.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}