Potential unauthorized access to files on the Web HMI server host
Description
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. * Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed * Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed * Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed
Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .
Affected products
2- Range: 2022-SP1 (22.50.005) without PS-2210-02-4079; 2023 (23.00.004) without PS-2300-03-3078, PS-2300-04-3078, PS-2300-82-3078; 2025 (25.00.016) without PS-2500-02-1078, PS-2500-04-1078; 2025 Updated Dec. 25 (25.10.007) without PS-2510-02-1077, PS-2510-04-1077
- CODRA/Panorama Suitev5Range: Panorama Suite 2022-SP1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.