CVE-2024-1040
published 2024-02-01CVE-2024-1040: Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the…
PriorityP420medium4.4CVSS 3.1
AVLACLPRHUINSUCHINAN
EPSS
0.11%
1.8th percentile
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gessler_gmbh | web-master | — | — |
| gesslergmbh | web-master_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Gessler GmbH WEB-MASTER
cisa_ics·2025-08-07·CVSS 9.8
[CRITICAL] Gessler GmbH WEB-MASTER
ICS Advisory
##
Gessler GmbH WEB-MASTER
Last RevisedAugust 07, 2025
Alert CodeICSA-24-032-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable Remotely/Low attack complexity
- Vendor: Gessler GmbH
- Equipment: WEB-MASTER
- Vulnerabilities: Use of Hard-coded Credentials, Use of a Broken or Risky Cryptographic Algorithm
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a user to take control of the web management of the device. An attacker with access to the device could also extract and break the password hashes for all users stored on the device.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following ve
GHSA
GHSA-jmx5-5g59-g2rw: Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm
ghsa_unreviewed·2024-02-02
CVE-2024-1040 [MEDIUM] CWE-327 GHSA-jmx5-5g59-g2rw: Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.
Suricata
ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040) Server Response M1
suricata·2022-05-09·CVSS 9.8
CVE-2022-1040 [CRITICAL] ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040) Server Response M1
ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040) Server Response M1
Rule: alert http $HOME_NET any -> any any (msg:"ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040) Server Response M1"; flow:established,to_client; flowbits:isset,ET.SophosAuthBypass; file.data; content:"{|22|status|22 3a 22|Session Expired|22|}"; fast_pattern; reference:cve,2022-1040; reference:url,attackerkb.com/topics/cdXl2NL3cR/cve-2022-1040; classtype:attempted-admin; sid:2036549; rev:3; metadata:created_at 2022_05_09, cve CVE_2022_1040, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mit
Suricata
ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040) Server Response M2
suricata·2022-05-09·CVSS 9.8
CVE-2022-1040 [CRITICAL] ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040) Server Response M2
ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040) Server Response M2
Rule: alert http $HOME_NET any -> any any (msg:"ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040) Server Response M2"; flow:established,to_client; flowbits:isset,ET.SophosAuthBypass; file.data; content:"{|22|status|22 3a 22|-2|22|}"; fast_pattern; reference:cve,2022-1040; reference:url,attackerkb.com/topics/cdXl2NL3cR/cve-2022-1040; classtype:attempted-admin; sid:2036550; rev:3; metadata:created_at 2022_05_09, cve CVE_2022_1040, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_
No public exploits indexed.
No writeups or analysis indexed.
2024-02-01
Published