A dangerous vulnerability has been discovered in Tecson monitoring devices.
By exploiting the vulnerability, an attacker can access the interface configuration and change the device settings.
Oil tank monitoring devices manufactured by the German company Tecson contain a dangerous vulnerability that allows access to the web settings panel without credentials. To exploit it, an attacker only needs to know the address of the web server and the request format used.
By exploiting the vulnerability, an attacker can access the interface configuration and change settings, including passwords, alert settings, and output status data. The attacker can thereby affect planned operations and carry out an attack on automation processes.
The vulnerability has been assigned the identifier CVE-2019-12254, and its severity is rated 9.8 on the CVSS scale. The issue affects Tecson LX-Net, LX-Q-Net, e-litro net, SmartBox4 LAN and SmartBox4 pro LAN devices. The manufacturer has fixed the vulnerability with the release of firmware version 6.3. To prevent attacks, users are advised to disable port forwarding and remote access to the vulnerable device.