SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-436688152] Newport XPS-Cx, XPS-Qx

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-06-27 | Other | Newport | Maxim Rupp identified the vulnerability. | N/A | CVE-2017-7919 | N/A | N/A | N/A |

Source

#
# Newport XPS-Cx, XPS-Qx
#


### VULNERABLE VENDOR
Newport


### VULNERABLE PRODUCT
XPS-Cx, XPS-Qx



### RESEARCHER
Maxim Rupp identified the vulnerability.



### AFFECTED PRODUCTS

The following versions of XPS-Cx and XPS-Qx, a universal motion controller, are affected:

XPS-Cx all versions, and
XPS-Qx all versions.



### IMPACT

Successful exploitation of this vulnerability may allow an attacker to view and edit settings without authenticating by accessing a specific uniform resource locator (URL).



### VULNERABILITY OVERVIEW

IMPROPER AUTHENTICATION CWE-287
An attacker may bypass authentication by accessing a specific uniform resource locator (URL).


CVE-2017-7919 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).





### BACKGROUND

Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States




### MITIGATION

Newport reports that this issue will be addressed in the next generation XPS-Dx controller.