Econolite: Security Vulnerabilities
Econolite EOS versions prior to 3.2.23 lack a password
requirement for gaining “READONLY” access to log files and certain database and
configuration files. One such file contains tables with MD5 hashes and
usernames for all defined users in the control software, including
administrators and technicians.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-26
Econolite EOS versions prior to 3.2.23 use a weak hash
algorithm for encrypting privileged user credentials. A configuration file that
is accessible without authentication uses MD5 hashes for encrypting
credentials, including those of administrators and technicians.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-26