{ "document": { "acknowledgments": [ { "organization": "CERT@VDE", "summary": "coordination", "urls": [ "https://certvde.com" ] } ], "aggregate_severity": { "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale", "text": "Medium" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-GB", "notes": [ { "category": "summary", "text": "Multiple products from JUMO are affected by webserver vulnerability \"CVE-2013-6786, CVE-2014-9222, CVE-2014-9223. This vulnerability leads to DOS of the device by using a misfortune cookie and reflected XSS attacks.", "title": "Summary" }, { "category": "description", "text": "DOS vulnerability of the device in case of Misfortune Cookie.\nXSS vulnerability allows remote attackers to inject arbitrary web script or HTML.", "title": "Impact" }, { "category": "description", "text": "Control the access to the devices webserver by using a Firewall to block traffic from untrusted networks.", "title": "Mitigation" }, { "category": "description", "text": "Update to latest software version.\nFor latest software version please contact \nsupport@jumo.net.\n\nFixed for:\n- Version 248.05.02 for JUMO mTRON T Central Processing Unit\n- Version 249.05.03 for JUMO mTRON T Multifunction panel 840\n- Version 266.04.07 for JUMO DICON touch\n- Version 304.09.04 for JUMO AQUIS touch", "title": "Remediation" } ], "publisher": { "category": "vendor", "contact_details": "psirt@jumo.net", "name": "JUMO GmbH & Co. KG", "namespace": "https://www.jumo.group" }, "references": [ { "category": "external", "summary": "Jumo PSIRT", "url": "https://www.jumo.group/de/en/services/product-security" }, { "category": "external", "summary": "CERT@VDE Security Advisories for Jumo", "url": "https://certvde.com/de/advisories/vendor/jumo/" }, { "category": "self", "summary": "VDE-2026-071: JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices - HTML", "url": "https://certvde.com/en/advisories/VDE-2026-071" }, { "category": "self", "summary": "VDE-2026-071: JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices - CSAF", "url": "https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-071.json" } ], "title": "JUMO: Allegro RomPager webserver vulnerability in JUMO mTRONT, DICON touch, AQUIS touch devices", "tracking": { "aliases": [ "VDE-2026-071" ], "current_release_date": "2026-06-23T10:00:00.000Z", "generator": { "date": "2026-06-18T08:02:04.100Z", "engine": { "name": "Secvisogram", "version": "2.5.44" } }, "id": "VDE-2026-071", "initial_release_date": "2026-06-23T10:00:00.000Z", "revision_history": [ { "date": "2026-06-23T10:00:00.000Z", "legacy_version": "1.0.0", "number": "1.0.0", "summary": "initial release" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "JUMO mTRON T Central Processing Unit", "product": { "name": "JUMO mTRON T Central Processing Unit", "product_id": "CSAFPID-0001", "product_identification_helper": { "cpe": "cpe:2.3:h:jumo:jumo_mtron_t_central_processing_unit:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "JUMO mTRON T Multifunction panel 840", "product": { "name": "JUMO mTRON T Multifunction panel 840", "product_id": "CSAFPID-0002", "product_identification_helper": { "cpe": "cpe:2.3:h:jumo:jumo_mtron_t_multifunction_panel_840:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "JUMO DICON touch", "product": { "name": "JUMO DICON touch", "product_id": "CSAFPID-0003", "product_identification_helper": { "cpe": "cpe:2.3:h:jumo:jumo_dicon_touch:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "JUMO AQUIS touch", "product": { "name": "JUMO AQUIS touch", "product_id": "CSAFPID-0004", "product_identification_helper": { "cpe": "cpe:2.3:h:jumo:jumo_aquis_touch:*:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Hardware" }, { "branches": [ { "category": "product_version_range", "name": "vers:semver/<248.05.02", "product": { "name": "Firmware <248.05.02", "product_id": "CSAFPID-0020", "product_identification_helper": { "cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "248.05.02", "product": { "name": "Firmware 248.05.02", "product_id": "CSAFPID-0021", "product_identification_helper": { "cpe": "cpe:2.3:o:jumo:firmware:248.05.02:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:semver/<249.05.03", "product": { "name": "Firmware <249.05.03", "product_id": "CSAFPID-0023", "product_identification_helper": { "cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "249.05.03", "product": { "name": "Firmware 249.05.03", "product_id": "CSAFPID-0022", "product_identification_helper": { "cpe": "cpe:2.3:o:jumo:firmware:249.05.03:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:semver/<266.04.07", "product": { "name": "Firmware <266.04.07", "product_id": "CSAFPID-0024", "product_identification_helper": { "cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "266.04.07", "product": { "name": "Firmware 266.04.07", "product_id": "CSAFPID-0025", "product_identification_helper": { "cpe": "cpe:2.3:o:jumo:firmware:266.04.07:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:semver/<304.09.04", "product": { "name": "Firmware <304.09.04", "product_id": "CSAFPID-0026", "product_identification_helper": { "cpe": "cpe:2.3:o:jumo:firmware:*:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "304.09.04", "product": { "name": "Firmware 304.09.04", "product_id": "CSAFPID-0027", "product_identification_helper": { "cpe": "cpe:2.3:o:jumo:firmware:304.09.04:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Firmware" } ], "category": "vendor", "name": "JUMO" } ], "product_groups": [ { "group_id": "CSAFGID-0001", "product_ids": [ "CSAFPID-33001", "CSAFPID-33002", "CSAFPID-31001", "CSAFPID-31002" ], "summary": "Affected products." }, { "group_id": "CSAFGID-0002", "product_ids": [ "CSAFPID-32001", "CSAFPID-32002", "CSAFPID-33011", "CSAFPID-51901" ], "summary": "Fixed products." } ], "relationships": [ { "category": "installed_on", "full_product_name": { "name": "Firmware <248.05.02 installed on JUMO mTRON T Central Processing Unit", "product_id": "CSAFPID-33001", "product_identification_helper": { "cpe": "cpe:2.3:o:vendor_name:product_name_01:rev_a:*:*:*:*:*:*:*" } }, "product_reference": "CSAFPID-0020", "relates_to_product_reference": "CSAFPID-0001" }, { "category": "installed_on", "full_product_name": { "name": "Firmware <249.05.03 installed on JUMO mTRON T Multifunction panel 840", "product_id": "CSAFPID-33002", "product_identification_helper": { "cpe": "cpe:2.3:o:vendor_name:product_name_02:*:*:*:*:*:*:*:*" } }, "product_reference": "CSAFPID-0023", "relates_to_product_reference": "CSAFPID-0002" }, { "category": "installed_on", "full_product_name": { "name": "Firmware <266.04.07 installed on JUMO DICON touch", "product_id": "CSAFPID-31001", "product_identification_helper": { "cpe": "cpe:2.3:o:vendor_name:product_name_01:rev_a:*:*:*:*:*:*:*" } }, "product_reference": "CSAFPID-0024", "relates_to_product_reference": "CSAFPID-0003" }, { "category": "installed_on", "full_product_name": { "name": "Firmware <304.09.04 installed on JUMO AQUIS touch", "product_id": "CSAFPID-31002", "product_identification_helper": { "cpe": "cpe:2.3:o:vendor_name:product_name_02:*:*:*:*:*:*:*:*" } }, "product_reference": "CSAFPID-0026", "relates_to_product_reference": "CSAFPID-0004" }, { "category": "installed_on", "full_product_name": { "name": "Firmware 248.05.02 installed on JUMO mTRON T Central Processing Unit", "product_id": "CSAFPID-32001", "product_identification_helper": { "cpe": "cpe:2.3:o:vendor_name:product_name_01:rev_a:8.4.2:*:*:*:*:*:*" } }, "product_reference": "CSAFPID-0021", "relates_to_product_reference": "CSAFPID-0001" }, { "category": "installed_on", "full_product_name": { "name": "Firmware 249.05.03 installed on JUMO mTRON T Multifunction panel 840", "product_id": "CSAFPID-32002", "product_identification_helper": { "cpe": "cpe:2.3:o:vendor_name:product_name_02:8.4.2:*:*:*:*:*:*:*" } }, "product_reference": "CSAFPID-0022", "relates_to_product_reference": "CSAFPID-0002" }, { "category": "installed_on", "full_product_name": { "name": "Firmware 266.04.07 installed on JUMO DICON touch", "product_id": "CSAFPID-33011", "product_identification_helper": { "cpe": "cpe:2.3:a:vendor_name:engineering_sdk:*:*:*:*:*:*:*:*" } }, "product_reference": "CSAFPID-0025", "relates_to_product_reference": "CSAFPID-0003" }, { "category": "installed_on", "full_product_name": { "name": "Firmware 304.09.04 installed on JUMO AQUIS touch", "product_id": "CSAFPID-51901", "product_identification_helper": { "cpe": "cpe:2.3:a:vendor_name:engineering_sdk:*:*:*:*:*:*:*:*" } }, "product_reference": "CSAFPID-0027", "relates_to_product_reference": "CSAFPID-0004" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-9223", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2014-12-24T11:00:00.000Z", "notes": [ { "audience": "all", "category": "description", "text": "Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.", "title": "CVE description" }, { "category": "details", "text": "DOS vulnerability of the device in case of buffer overflow. For our products we expect a CVSS Score of: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "title": "Vulnerability Characterisation" } ], "product_status": { "fixed": [ "CSAFPID-32001", "CSAFPID-32002", "CSAFPID-33011", "CSAFPID-51901" ], "known_affected": [ "CSAFPID-33001", "CSAFPID-33002", "CSAFPID-31001", "CSAFPID-31002" ] }, "references": [ { "category": "external", "summary": "CVE Record: CVE-2014-9223", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9223" }, { "category": "external", "summary": "CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C - 10.0 - High", "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" } ], "release_date": "2014-12-24T11:00:00.000Z", "remediations": [ { "category": "vendor_fix", "date": "2024-06-15T10:00:00.000Z", "details": "Update affected devices to:\n\nVersion 248.05.02 for JUMO mTRON T Central Processing Unit\nVersion 249.05.03 for JUMO mTRON T Multifunction panel 840\nVersion 266.04.07 for JUMO DICON touch\nVersion 304.09.04 for JUMO AQUIS touch", "group_ids": [ "CSAFGID-0001" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10, "confidentialityImpact": "COMPLETE", "environmentalScore": 10, "integrityImpact": "COMPLETE", "temporalScore": 10, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "CSAFPID-33001", "CSAFPID-33002", "CSAFPID-31001", "CSAFPID-31002" ] } ], "title": "Multiple buffer overflows in AllegroSoft RomPager" }, { "cve": "CVE-2013-6786", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "discovery_date": "2014-01-16T11:00:00.000Z", "notes": [ { "audience": "operational management and system administrators", "category": "details", "text": "XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.", "title": "Vulnerability Characterisation" }, { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the \"forbidden author header\" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a \"URL redirection\" issue that some sources list separately.", "title": "CVE description" } ], "product_status": { "fixed": [ "CSAFPID-32001", "CSAFPID-32002", "CSAFPID-33011", "CSAFPID-51901" ], "known_affected": [ "CSAFPID-33001", "CSAFPID-33002", "CSAFPID-31001", "CSAFPID-31002" ] }, "references": [ { "category": "external", "summary": "CVE Record: CVE-2013-6786", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6786" }, { "category": "external", "summary": "CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N - 4.3 - Medium", "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" } ], "release_date": "2014-01-16T11:00:00.000Z", "remediations": [ { "category": "vendor_fix", "date": "2024-06-15T10:00:00.000Z", "details": "Update affected devices to:\n\nVersion 248.05.02 for JUMO mTRON T Central Processing Unit\nVersion 249.05.03 for JUMO mTRON T Multifunction panel 840\nVersion 266.04.07 for JUMO DICON touch\nVersion 304.09.04 for JUMO AQUIS touch", "group_ids": [ "CSAFGID-0001" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "environmentalScore": 4.3, "integrityImpact": "PARTIAL", "temporalScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "CSAFPID-33001", "CSAFPID-33002", "CSAFPID-31001", "CSAFPID-31002" ] } ], "title": "Cross-site scripting (XSS) vulnerability in Allegro RomPager" }, { "cve": "CVE-2014-9222", "cwe": { "id": "CWE-17", "name": "DEPRECATED: Code" }, "discovery_date": "2014-12-24T11:00:00.000Z", "notes": [ { "category": "description", "text": "AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the \"Misfortune Cookie\" vulnerability.", "title": "CVE Description" }, { "category": "details", "text": "XSS vulnerability allows remote attackers to inject arbitrary web script or HTML.", "title": "Vulnerability Characterisation" } ], "product_status": { "fixed": [ "CSAFPID-32001", "CSAFPID-32002", "CSAFPID-33011", "CSAFPID-51901" ], "known_affected": [ "CSAFPID-33001", "CSAFPID-33002", "CSAFPID-31001", "CSAFPID-31002" ] }, "references": [ { "category": "external", "summary": "CVE Record: CVE-2014-9222", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9222" }, { "category": "external", "summary": "CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C - 10.0 - High", "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" } ], "release_date": "2014-12-24T11:00:00.000Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-15T10:00:00.000Z", "details": "Update affected devices to:\n\nVersion 248.05.02 for JUMO mTRON T Central Processing Unit\nVersion 249.05.03 for JUMO mTRON T Multifunction panel 840\nVersion 266.04.07 for JUMO DICON touch\nVersion 304.09.04 for JUMO AQUIS touch", "group_ids": [ "CSAFGID-0001" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10, "confidentialityImpact": "COMPLETE", "environmentalScore": 10, "integrityImpact": "COMPLETE", "temporalScore": 10, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "CSAFPID-33001", "CSAFPID-33002", "CSAFPID-31001", "CSAFPID-31002" ] } ], "title": "Misfortune Cookie vulnerability in AllegroSoft RomPager 4.34" } ] }