Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by OMNTEC
CVE-2024-6981 (GCVE-0-2024-6981)
Vulnerability from cvelistv5 – Published: 2024-09-27 16:11 – Updated: 2024-09-27 16:37
VLAI
Title
OMNTEC Proteus Tank Monitoring Missing Authentication for Critical Function
Summary
OMNTEC Proteus Tank Monitoring OEL8000III Series
could allow an attacker to perform administrative actions without proper authentication.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OMNTEC | Proteus Tank Monitoring |
Affected:
OEL8000III Series
|
|
| omntec | proteus_tank_monitoring |
Affected:
oel8000_iii_series
cpe:2.3:a:omntec:proteus_tank_monitoring:oel8000_iii_series:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:omntec:proteus_tank_monitoring:oel8000_iii_series:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "proteus_tank_monitoring",
"vendor": "omntec",
"versions": [
{
"status": "affected",
"version": "oel8000_iii_series"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T16:33:38.207492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:37:39.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proteus Tank Monitoring",
"vendor": "OMNTEC",
"versions": [
{
"status": "affected",
"version": "OEL8000III Series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OMNTEC Proteus Tank Monitoring OEL8000III Series\n\n\ncould allow an attacker to perform administrative actions without proper authentication."
}
],
"value": "OMNTEC Proteus Tank Monitoring OEL8000III Series\n\n\ncould allow an attacker to perform administrative actions without proper authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:11:26.742Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-06"
}
],
"source": {
"advisory": "ICSA-24-268-06",
"discovery": "EXTERNAL"
},
"title": "OMNTEC Proteus Tank Monitoring Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OMNTEC Mfg., Inc. has not responded to CISA\u0027s requests to coordinate at this time. Users can reach out to the vendor on their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.omntec.com/contact\"\u003ewebsite\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "OMNTEC Mfg., Inc. has not responded to CISA\u0027s requests to coordinate at this time. Users can reach out to the vendor on their website https://www.omntec.com/contact ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-6981",
"datePublished": "2024-09-27T16:11:26.742Z",
"dateReserved": "2024-07-22T13:39:53.735Z",
"dateUpdated": "2024-09-27T16:37:39.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6981 (GCVE-0-2024-6981)
Vulnerability from nvd – Published: 2024-09-27 16:11 – Updated: 2024-09-27 16:37
VLAI
Title
OMNTEC Proteus Tank Monitoring Missing Authentication for Critical Function
Summary
OMNTEC Proteus Tank Monitoring OEL8000III Series
could allow an attacker to perform administrative actions without proper authentication.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OMNTEC | Proteus Tank Monitoring |
Affected:
OEL8000III Series
|
|
| omntec | proteus_tank_monitoring |
Affected:
oel8000_iii_series
cpe:2.3:a:omntec:proteus_tank_monitoring:oel8000_iii_series:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:omntec:proteus_tank_monitoring:oel8000_iii_series:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "proteus_tank_monitoring",
"vendor": "omntec",
"versions": [
{
"status": "affected",
"version": "oel8000_iii_series"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T16:33:38.207492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:37:39.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proteus Tank Monitoring",
"vendor": "OMNTEC",
"versions": [
{
"status": "affected",
"version": "OEL8000III Series"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OMNTEC Proteus Tank Monitoring OEL8000III Series\n\n\ncould allow an attacker to perform administrative actions without proper authentication."
}
],
"value": "OMNTEC Proteus Tank Monitoring OEL8000III Series\n\n\ncould allow an attacker to perform administrative actions without proper authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:11:26.742Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-06"
}
],
"source": {
"advisory": "ICSA-24-268-06",
"discovery": "EXTERNAL"
},
"title": "OMNTEC Proteus Tank Monitoring Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OMNTEC Mfg., Inc. has not responded to CISA\u0027s requests to coordinate at this time. Users can reach out to the vendor on their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.omntec.com/contact\"\u003ewebsite\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "OMNTEC Mfg., Inc. has not responded to CISA\u0027s requests to coordinate at this time. Users can reach out to the vendor on their website https://www.omntec.com/contact ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-6981",
"datePublished": "2024-09-27T16:11:26.742Z",
"dateReserved": "2024-07-22T13:39:53.735Z",
"dateUpdated": "2024-09-27T16:37:39.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}