Lynxspring: >> Jenesys Bas Bridge >> 1.1.8 Security Vulnerabilities
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication.
CVSS Score
8.6
EPSS Score
0.004
Published
2017-02-13
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY).
CVSS Score
8.8
EPSS Score
0.001
Published
2017-02-13
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-02-13
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application.
CVSS Score
7.1
EPSS Score
0.002
Published
2017-02-13