A specially crafted authenticated HTTP request can inject arbitrary commands, resulting in remote code execution.
Activating SNMPD outside of the WebUI can activate hard-coded credentials, exposing a privileged user. An attacker can trigger this vulnerability by activating SNMPD without making any configuration changes.
A specially crafted authenticated HTTP request can upload a file, resulting in the upload of executable, routable code to the web server.
A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being issued through an authenticated user. Triggering this vulnerability may allow an attacker to access authenticated pages via an authenticated user.
A specially crafted authenticated HTTP request can cause an information leak, resulting in the disclosure of internal file paths.
The ACEManager authentication functionality is delivered to the web server in plaintext XML. An attacker who can listen to network traffic upstream from the device may be able to obtain credentials.
Refer to the ICS advisory for the list of affected products and the corresponding patches.