CVE-2017-14013

MEDIUM

ProMinent MultiFLEX M10a - Privilege Escalation

Title source: llm

Description

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101259

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01

Scores

CVSS v3 5.6

EPSS 0.0029

EPSS Percentile 52.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-669 CWE-602

Status published

Products (2)

n/a/ProMinent MultiFLEX M10a Controller ProMinent MultiFLEX M10a Controller

prominent/multiflex_m10a_controller_firmware

Published Oct 17, 2017

Tracked Since Feb 18, 2026