Use of GET Request Method With Sensitive Query Strings

CVE-2024-23766

High

7.5/10

Summary

An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway (or at least most of its modules). An attacker can use this feature to carry out a denial of service attack by continuously sending GET requests to that URL.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-598 - Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

References

Advisory Timeline

Published Jun 26, 2024

Use of GET Request Method With Sensitive Query Strings

CVE-2024-23766

Summary

CWE-598 - Use of GET Request Method With Sensitive Query Strings

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS