CVE-2024-48852

Information disclosures

CVSS 6.9 MEDIUM · EPSS 2.4% · CWE-532

In short

FLXEON versions up to 9.3.4 write sensitive information to log files, and that information can be exposed through HTTPS access. Confidential data may therefore be visible to anyone who can read the logs.

Technical detail

A CWE-532 (Insertion of Sensitive Information into Log File) vulnerability in FLXEON ≤9.3.4 allows sensitive information disclosure via HTTPS access due to improper logging practices. Attackers with access to log files (local or remote) can retrieve confidential data that should not have been logged. Per the CVSS vector, the impact is a low loss of confidentiality (VC:L); integrity and availability are rated none (VI:N, VA:N).

Summary generated and translated by AI from the official description.

Insertion of Sensitive Information into Log File vulnerability observed in FLXEON. Some information may be improperly disclosed through HTTPS access. This issue affects FLXEON through <= 9.3.4.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

ABB · FLXEON