DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A
|Case lead||Max van der Horst|
|Recommendation||It is recommended by Danfoss to install the latest patch with number 3.3.|
|Last modified||29 Sep 2023 10:59|
Multiple vulnerabilities related to insufficient restrictions and input sanitization exist in the Danfoss AK-SM800A. These vulnerabilities should be considered serious and could lead to the full compromise of your system. Danfoss advises updating to the latest version, which is version 3.3.
What you can do
For the AK-SM800A, it is advised to install the patch as soon as possible.
What we are doing
After completing the CVE registration, DIVD will start scanning for vulnerable instances. Owners of vulnerable systems receive a notification with instructions to mitigate the vulnerabilities.
|18 Jan 2023||Researchers from Hackdefense reach out to DIVD, DIVD starts investigation|
|18 Jan 2023||Vulnerabilities reported|
|18 Jan 2023 - 17 Feb 2023||Time to acknowledge|
|17 Feb 2023||Vendor acknowledges receipt of vulnerabilities.|
|17 Aug 2023||Limited disclosure of the AK-SM800A vulnerabilities, including later mentioned vulnerabilities.|
|17 Aug 2023||DIVD starts scanning the internet for vulnerable instances.|
|27 Sep 2023||DIVD starts notifying customers with a vulnerable instance.|