ICSA-23-255-02 · Published 2023-09-12
Fujitsu Software Infrastructure Manager
CVSS 5.9 (MEDIUM)
Risk Summary
Successful exploitation of this vulnerability could result in an attacker retrieving the password for the proxy server that is configured in ISM from the maintenance data.
CVEs (1)
Remediations
- Fujitsu Software recommends updating the software to version V2.8.0.061, which has been released to fix this vulnerability.
- Fujitsu Software recommends, as a workaround, using a proxy server user ID and/or password that does not include the "\" (backslash) character when downloading firmware.
- Fujitsu Software recommends, as a workaround, storing the maintenance data in a trusted location and deleting it when it is no longer needed.
- JPCERT/CC published JVN#38847224 regarding this issue.
Affected Vendors
Fujitsu Software
Affected Products (3)
- Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060
- Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060
- Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060
Affected Sectors
Multiple