Vulnerabilities in Carlo Gavazzi Energy Monitoring Products
Severity Rating: High
· VMU-C EM prior to firmware version A11_U05, and VMU-C PV prior to firmware version A17
Multiple vulnerabilities have been identified in Carlo Gavazzi Energy Monitoring Products and can allow a remote attacker to gain access to the sensitive information, perform certain administrative actions and gain unauthorized access to the affected application.
The vulnerabilities reported are as follows
· Unauthorized Access vulnerability
· Cross-site request forgery vulnerability
· Information-disclosure vulnerability
On successful exploitation of these vulnerabilities an attacker would be able to execute configuration parameter changes and saving modified configuration.
Users are advised to apply updates.
More information is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street