CVE-2018-9161

high-risk

Published 2018-03-31

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.

Do I need to act?

55.1% chance of exploitation in next 30 days

EPSS score — higher than 45% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Checkweigher Prismaweb

Affected Vendors

Prismaindustriale

References (4)

Exploit https://www.exploit-db.com/exploits/44276/

Third Party Advisory https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php

Exploit https://www.exploit-db.com/exploits/44276/

Third Party Advisory https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 18/34 · Moderate

Exposure 5/34 · Minimal