0x00 Vulnerability ID
-
None
0x01 Danger Level
- Medium
0x02 Vulnerability Overview
X2Modbus is a Modbus protocol conversion gateway that allows users to configure it according to the communication protocol of field devices, converting it to the standard Modbus protocol.
0x03 Vulnerability DetailsVulnerability Type:Information DisclosureImpact:Exposure of sensitive informationSummary:The /soap/GetConfig interface of the X2Modbus gateway has an information disclosure vulnerability, allowing unauthenticated attackers to obtain a large amount of sensitive information, including database usernames, passwords, ports, etc.0x04 Affected Versions
-
X2Modbus Gateway
0x05 POC Status
- Publicly disclosed
0x06 Fix Recommendations
Currently, the official has released a patched version for the vulnerability, and it is recommended that users upgrade to the secure version:http://bacnetchina.com/