DiCal-RED version 4009 provides a network server on TCP port 2101. This service does not seem to process any input, but it regularly sends data to connected clients. This includes operation messages when they are processed by the device. An unauthenticated attacker can therefore gain information about current emergency situations and possibly also emergency vehicle positions or routes.
ab5d94c2a1f0e4d8bfcda084e05a40a114001865191d658dc9600e79c80e6702
DiCal-RED version 4009 makes use of unmaintained third party components with their own vulnerabilities.
ac46a5297fc9b5ee7331f8918ab83a70fa899f2cf27a29ac3f89865c35bbf946
DiCal-RED version 4009 is vulnerable to unauthorized log access and other files on the device's file system due to improper authentication checks.
22505e01eb5b8d58240173b875a10f1ce90aedba603dcb8c2cab2ffb9c7b12b6
DiCal-RED version 4009 has an administrative web interface that is vulnerable to path traversal attacks in several places. The functions to download or display log files can be used to access arbitrary files on the device's file system. The upload function for new license files can be used to write files anywhere on the device's file system - possibly overwriting important system configuration files, binaries or scripts. Replacing files that are executed during system operation results in a full compromise of the whole device.
7c7db8db22b8d44815d0c4d1894bb2b5c72cd299da13c7d7e62d1b7f68ee685e
DiCal-RED version 4009 provides an administrative web interface that requests the administrative system password before it can be used. Instead of submitting the user-supplied password, its MD5 hash is calculated on the client side and submitted. An attacker who knows the hash of the correct password but not the password itself can simply replace the value of the password URL parameter with the correct hash and subsequently gain full access to the administrative web interface.
be90b2b3ba74aa9d5ebd8ad42a421183d9736ccd9ae6ba44a68eee851329062e
DiCal-RED version 4009 has a password that is stored in the file /etc/deviceconfig as a plain MD5 hash, i.e. without any salt or computational cost function.
4631bb7b250de8fee1eca2b359b877101e979ef0df7cbe8484627af4fcf3047e
DiCal-RED version 4009 provides an FTP service on TCP port 21. This service allows anonymous access, i.e. logging in as the user "anonymous" with an arbitrary password. Anonymous users get read access to the whole file system of the device, including files that contain sensitive configuration information, such as /etc/deviceconfig. The respective process on the system runs as the system user "ftp". Therefore, a few files with restrictive permissions are not accessible via FTP.
52bc52be64d4c2afda673bb45ef55a60f84844e255049be801b31a39b418fdfc
DiCal-RED version 4009 provides a Telnet service on TCP port 23. This service grants access to an interactive shell as the system's root user and does not require authentication.
a6385e494be7b4b70dba302642602595baa5c71833106dcef5c061db726846b5
FANUC Robotics Virtual Robot Controller version 8.23 suffers from a path traversal vulnerability.
451f052958031bcaa7d32e2a3eebd05d1fe15ad5d480d5caf7bb585a1ba75721
FANUC Robotics Virtual Robot Controller version 8.23 suffers from a stack-based buffer overflow vulnerability.
a5623f109ba65b003816746eb2a64c163616069d75285f9501dc30836a30321d