{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Medium"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple products from JUMO are affected by webserver vulnerability \"CVE-2013-6786, CVE-2014-9222, CVE-2014-9223. This vulnerability leads to DOS of the device by using a misfortune cookie and reflected XSS attacks.",
"title": "Summary"
},
{
"category": "description",
"text": "DOS vulnerability of the device in case of Misfortune Cookie.\nXSS vulnerability allows remote attackers to inject arbitrary web script or HTML.",
"title": "Impact"
},
{
"category": "description",
"text": "Control the access to the devices webserver by using a Firewall to block traffic from untrusted networks.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to latest software version.\nFor latest software version please contact \nsupport@jumo.net.\n\nFixed for:\n- Version 248.05.02 for JUMO mTRON T Central Processing Unit\n- Version 249.05.03 for JUMO mTRON T Multifunction panel 840\n- Version 266.04.07 for JUMO DICON touch\n- Version 304.09.04 for JUMO AQUIS touch",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@jumo.net",
"name": "JUMO GmbH \u0026 Co. KG",
"namespace": "https://www.jumo.group"
},
"references": [
{
"category": "external",
"summary": "Jumo PSIRT",
"url": "https://www.jumo.group/de/en/services/product-security"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Jumo",
"url": "https://certvde.com/de/advisories/vendor/jumo/"
},
{
"category": "self",
"summary": "VDE-2026-071: JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-071"
},
{
"category": "self",
"summary": "VDE-2026-071: JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices - CSAF",
"url": "https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-071.json"
}
],
"title": "JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices",
"tracking": {
"aliases": [
"VDE-2026-071"
],
"current_release_date": "2026-07-08T10:00:00.000Z",
"generator": {
"date": "2026-07-08T09:12:08.205Z",
"engine": {
"name": "Secvisogram",
"version": "2.6.5"
}
},
"id": "VDE-2026-071",
"initial_release_date": "2026-06-23T10:00:00.000Z",
"revision_history": [
{
"date": "2026-06-23T10:00:00.000Z",
"legacy_version": "1.0.0",
"number": "1.0.0",
"summary": "initial release"
},
{
"date": "2026-07-08T10:00:00.000Z",
"legacy_version": "2.0.0",
"number": "2.0.0",
"summary": "Updated the relationship identifier and adjusted the starting versions in the product tree version ranges."
}
],
"status": "final",
"version": "2.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "JUMO mTRON T Central Processing Unit",
"product": {
"name": "JUMO mTRON T Central Processing Unit",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:jumo:jumo_mtron_t_central_processing_unit:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "JUMO mTRON T Multifunction panel 840",
"product": {
"name": "JUMO mTRON T Multifunction panel 840",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:jumo:jumo_mtron_t_multifunction_panel_840:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "JUMO DICON touch",
"product": {
"name": "JUMO DICON touch",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"cpe": "cpe:2.3:h:jumo:jumo_dicon_touch:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "JUMO AQUIS touch",
"product": {
"name": "JUMO AQUIS touch",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"cpe": "cpe:2.3:h:jumo:jumo_aquis_touch:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003e=1.0.0|\u003c248.05.02",
"product": {
"name": "Firmware \u003c248.05.02",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "248.05.02",
"product": {
"name": "Firmware 248.05.02",
"product_id": "CSAFPID-0021",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:248.05.02:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:semver/\u003e=1.0.0|\u003c249.05.03",
"product": {
"name": "Firmware \u003c249.05.03",
"product_id": "CSAFPID-0023",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "249.05.03",
"product": {
"name": "Firmware 249.05.03",
"product_id": "CSAFPID-0022",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:249.05.03:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:semver/\u003e=1.0.0|\u003c266.04.07",
"product": {
"name": "Firmware \u003c266.04.07",
"product_id": "CSAFPID-0024",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "266.04.07",
"product": {
"name": "Firmware 266.04.07",
"product_id": "CSAFPID-0025",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:266.04.07:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:semver/\u003e=1.0.0|\u003c304.09.04",
"product": {
"name": "Firmware \u003c304.09.04",
"product_id": "CSAFPID-0026",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "304.09.04",
"product": {
"name": "Firmware 304.09.04",
"product_id": "CSAFPID-0027",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:firmware:304.09.04:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "JUMO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-33011",
"CSAFPID-51901"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c248.05.02 installed on JUMO mTRON T Central Processing Unit",
"product_id": "CSAFPID-33001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_mtron_t_central_processing_unit:*:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0020",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c249.05.03 installed on JUMO mTRON T Multifunction panel 840",
"product_id": "CSAFPID-33002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_mtron_t_multifunction_panel_840:*:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0023",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c266.04.07 installed on JUMO DICON touch",
"product_id": "CSAFPID-31001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_dicon_touch:*:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0024",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c304.09.04 installed on JUMO AQUIS touch",
"product_id": "CSAFPID-31002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_aquis_touch:*:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0026",
"relates_to_product_reference": "CSAFPID-0004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 248.05.02 installed on JUMO mTRON T Central Processing Unit",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_mtron_t_central_processing_unit:248.05.02:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0021",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 249.05.03 installed on JUMO mTRON T Multifunction panel 840",
"product_id": "CSAFPID-32002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_mtron_t_multifunction_panel_840:249.05.03:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0022",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 266.04.07 installed on JUMO DICON touch",
"product_id": "CSAFPID-33011",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_dicon_touch:266.04.07:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0025",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 304.09.04 installed on JUMO AQUIS touch",
"product_id": "CSAFPID-51901",
"product_identification_helper": {
"cpe": "cpe:2.3:o:jumo:jumo_aquis_touch:304.09.04:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-0027",
"relates_to_product_reference": "CSAFPID-0004"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9223",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2014-12-24T11:00:00.000Z",
"notes": [
{
"audience": "all",
"category": "description",
"text": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.",
"title": "CVE description"
},
{
"category": "details",
"text": "DOS vulnerability of the device in case of buffer overflow. For our products we expect a CVSS Score of: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"title": "Vulnerability Characterisation"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-33011",
"CSAFPID-51901"
],
"known_affected": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"references": [
{
"category": "external",
"summary": "CVE Record: CVE-2014-9223",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9223"
},
{
"category": "external",
"summary": "CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C - 10.0 - High",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"release_date": "2014-12-24T11:00:00.000Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-15T10:00:00.000Z",
"details": "Update affected devices to:\n\nVersion 248.05.02 for JUMO mTRON T Central Processing Unit\nVersion 249.05.03 for JUMO mTRON T Multifunction panel 840\nVersion 266.04.07 for JUMO DICON touch\nVersion 304.09.04 for JUMO AQUIS touch",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"environmentalScore": 10,
"integrityImpact": "COMPLETE",
"temporalScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "Multiple buffer overflows in AllegroSoft RomPager"
},
{
"cve": "CVE-2013-6786",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2014-01-16T11:00:00.000Z",
"notes": [
{
"audience": "operational management and system administrators",
"category": "details",
"text": "XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.",
"title": "Vulnerability Characterisation"
},
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the \"forbidden author header\" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a \"URL redirection\" issue that some sources list separately.",
"title": "CVE description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-33011",
"CSAFPID-51901"
],
"known_affected": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"references": [
{
"category": "external",
"summary": "CVE Record: CVE-2013-6786",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6786"
},
{
"category": "external",
"summary": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N - 4.3 - Medium",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"release_date": "2014-01-16T11:00:00.000Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-15T10:00:00.000Z",
"details": "Update affected devices to:\n\nVersion 248.05.02 for JUMO mTRON T Central Processing Unit\nVersion 249.05.03 for JUMO mTRON T Multifunction panel 840\nVersion 266.04.07 for JUMO DICON touch\nVersion 304.09.04 for JUMO AQUIS touch",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "PARTIAL",
"temporalScore": 4.3,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "Cross-site scripting (XSS) vulnerability in Allegro RomPager"
},
{
"cve": "CVE-2014-9222",
"discovery_date": "2014-12-24T11:00:00.000Z",
"notes": [
{
"category": "description",
"text": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability.",
"title": "CVE Description"
},
{
"category": "details",
"text": "XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.",
"title": "Vulnerability Characterisation"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-33011",
"CSAFPID-51901"
],
"known_affected": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"references": [
{
"category": "external",
"summary": "CVE Record: CVE-2014-9222",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9222"
},
{
"category": "external",
"summary": "CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C - 10.0 - High",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"release_date": "2014-12-24T11:00:00.000Z",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-15T10:00:00.000Z",
"details": "Update affected devices to:\n\nVersion 248.05.02 for JUMO mTRON T Central Processing Unit\nVersion 249.05.03 for JUMO mTRON T Multifunction panel 840\nVersion 266.04.07 for JUMO DICON touch\nVersion 304.09.04 for JUMO AQUIS touch",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"environmentalScore": 10,
"integrityImpact": "COMPLETE",
"temporalScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"CSAFPID-33001",
"CSAFPID-33002",
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "Misfortune Cookie vulnerability in AllegroSoft RomPager 4.34"
}
]
}