Softing uaGate SI 1.60.01 Improper Control of Generation of Code (‘Code Injection’) Vulnerability

Summary

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection.

Credit:

The information has been provided by Vendor

The original article can be found at: https://security.mioso.com/CVE-2019-11526-en.html


Details

This enables the Attacker to write files with superuser privileges in specific locations.

Vulnerable Systems:

Softing uaGate SI 1.60.01 

CVE Information:

CVE-2019-11526

Disclosure Timeline:
Published Date:10/10/2019