-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Severe Vulnerability in StationScout and StationGuard allows unauthorized access to restricted features - - - - - ----------------------------------------------------------------- Security Advisory ID: OSA-6 Release Date: 2023-03-20 Revision: 1.0 OMICRON Product Security Team | security@omicronenergy.com Summary - - - - - ----------------------------------------------------------------- A vulnerability has been discovered in StationGuard versions 1.10 through 2.20 and StationScout versions 1.30 through 2.20 that allows a remote attacker to gain unintended access to sensitive information, execute unauthorized actions, or modify data. Affected OMICRON Products - - - - - ----------------------------------------------------------------- This vulnerability affects the following OMICRON product(s): Products Affected versions > StationGuard 1.10 through 2.20 on all platforms > StationScout 1.30 through 2.20 on all platforms Vulnerability Classification - - - - - ----------------------------------------------------------------- > CVE-2023-28611 > Base Score 10 > Risk Class Critical > Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Security Advisory - - - - - ----------------------------------------------------------------- Mitigation: OMICRON has released StationGuard 2.21 and StationScout 2.21 which address the issue and fix the vulnerability. It is strongly recommended that customers currently using the affected versions install the latest update available on the customer portal (registration required) as soon as possible to ensure the security of their system. More information about StationGuard and StationScout, including the link to download them, can be found on https://www.omicronenergy.com/en/products/stationguard/ and https://www.omicronenergy.com/en/products/stationscout/ Acknowledgments - - - - - ----------------------------------------------------------------- OpenSource Security GmbH -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEkPJvkWGGIuqv8Qag8BT0uMcuyBgFAmQZpIAACgkQ8BT0uMcu yBhokhAAvgI+c/5NsMbq7RXLBhHGGdIxjyOWLjPDyaAGXswWDIzW8pvDAu+2S0Ap 7SdQVkWIu9ItqL+mNqVs2lm7B0oN9LlSHiP54o6uAuDR93ZOvGVsb/mt/Qn9Hktv yMQmZ6CWip0tIDtINTwm6PQhjqTg/qUSpJQ0d5TdBqe03j4mSVPWGCTi3yMxcXrj sfa1DUba5DTxocvDaSS3Npf7VC7FE1cQ4qXmGbLr02pRYF+rQrpNwilH1m8uyyt9 PcUFGOBtJ+YY0dPgzjU/teaelN7A1rKojvA/4UL5bt3xhunTI1JfwJntggI+x5bV jYU6myWKt0Hf2jKYen9Vna8Xv7YK+BZp4wbrDjBC6TqvtU3pP5g4bW11HA5VriQu XyqCpLLudI7qoad/q77jgPEoUh4u6/S1zoWX2Xp4AM0r5KFJjWrRRua96lb3LQ1b lRVfePjRUZxSzZJ6CYRNZ4kAm8sDXbO8zF3WBLVyHD/8U7YQT4iJWPJa042eRORC wJCohZx5LDHzyl+cdpiD4drDOn/jWfwGYaoHGGy98AbdjCNkE7J3PhA6e/HaUJBW 1Fj/wooH3tSaxqlnUdMV6Og9zNMNozAC7Xl0t1bDXOGHZg7qgBAL98FS1X2mnRZR JmMdZYXLZHG8iSKOgzvQnhTZZ6+EzxJELNKul08uXCGaEqIFXwU= =RJ70 -----END PGP SIGNATURE-----