CVE-2021-40366
N/A
N/A
Summary
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | Climatix POL909 (AWB module) | All versions < V11.42 | affected |
| Siemens | Climatix POL909 (AWM module) | All versions < V11.34 | affected |
Weaknesses
- CWE-311: CWE-311: Missing Encryption of Sensitive Data
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.