Description
An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101249
Third Party Advisory, US Government Resource, VDB Entry x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03
Scores
CVSS v3
8.2
EPSS
0.0230
EPSS Percentile
81.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Details
CWE
CWE-287
Status
published
Products (2)
envitech/envidas_ultimate
< 1.0.0.4
n/a/Envitech Ltd. EnviDAS Ultimate
Envitech Ltd. EnviDAS Ultimate
Published
Oct 17, 2017
Tracked Since
Feb 18, 2026