Description
The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239.
References (1)
Core 1
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03
Scores
EPSS
0.0162
EPSS Percentile
73.2%
Details
CWE
CWE-284
Status
published
Products (5)
janitza/umg_508
janitza/umg_509
janitza/umg_511
janitza/umg_604
janitza/umg_605
Published
Oct 28, 2015
Tracked Since
Feb 18, 2026