In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mo…
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.
The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
https://cwe.mitre.org/data/definitions/1242.html →Open in CWE collection →An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for.
https://capec.mitre.org/data/definitions/36.html →Open in CAPEC collection →An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.
https://capec.mitre.org/data/definitions/212.html →Open in CAPEC collection →