Vegapuls 6X Two Wire Profinet Modbus Tcp Opc Ua Ethernet Apl
Monthly
Remote unauthenticated access to sensitive data in VEGA VEGAPULS 6X Two-Wire industrial sensors exposes hashed credentials and access codes via unsecured configuration interface. Network-accessible interface (AV:N/AC:L/PR:N/UI:N) allows attackers to extract authentication materials without any prerequisites, enabling credential cracking and potential lateral movement in industrial networks. EPSS and KEV data not available; CERTVDE advisory confirms vulnerability in Ethernet-APL enabled industrial level measurement devices running PROFINET, Modbus TCP, and OPC UA protocols. No public exploit identified at time of analysis, though exploitation trivial due to lack of authentication requirement.
Remote unauthenticated access to sensitive data in VEGA VEGAPULS 6X Two-Wire industrial sensors exposes hashed credentials and access codes via unsecured configuration interface. Network-accessible interface (AV:N/AC:L/PR:N/UI:N) allows attackers to extract authentication materials without any prerequisites, enabling credential cracking and potential lateral movement in industrial networks. EPSS and KEV data not available; CERTVDE advisory confirms vulnerability in Ethernet-APL enabled industrial level measurement devices running PROFINET, Modbus TCP, and OPC UA protocols. No public exploit identified at time of analysis, though exploitation trivial due to lack of authentication requirement.