Description
An Information Exposure issue was discovered in the web interface of the ProMinent MultiFLEX M10a Controller. When an authenticated user uses the Change Password feature of the application, the user's current password is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password.
References (2)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101259
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01
Scores
CVSS v3: 6.5
EPSS: 0.0073
EPSS Percentile: 49.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-200, CWE-319
Status: published
Products (2)
n/a/ProMinent MultiFLEX M10a Controller
ProMinent MultiFLEX M10a Controller
prominent/multiflex_m10a_controller_firmware
Published: Oct 17, 2017
Tracked Since: Feb 18, 2026