Medium severity5.6NVD Advisory· Published Oct 17, 2017· Updated May 13, 2026

CVE-2017-14013

Description

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.

Affected products

N/a/Prominent Multiflex M10a Controllerv5
Range: ProMinent MultiFLEX M10a Controller
Prominent/Multiflex M10a Controller Firmware
cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/101259nvdThird Party AdvisoryVDB Entry
ics-cert.us-cert.gov/advisories/ICSA-17-285-01nvdMitigationThird Party AdvisoryUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.364
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000