Four security vulnerabilities have been found in Iagona’s ScrutisWeb ATM fleet monitoring software, which could allow attackers to remotely access ATMs, upload arbitrary files, and reboot the terminals. The flaws were discovered by the Synack Red Team and have been addressed in the latest version of the software. The vulnerabilities include a directory traversal flaw, a remote code execution vulnerability, a cryptographic vulnerability, and an insecure direct object reference vulnerability. The most severe of these flaws allows an unauthenticated user to upload any file and view it through a web browser, potentially leading to command injection. The researchers also noted that an attacker could exploit these vulnerabilities to gain administrator access to the ScrutisWeb management console, monitor activities on ATMs, and delete log files to cover their tracks.