question

daudimakundi avatar image
daudimakundi asked

vulnerability

Team, I am connect color control GX with Inverter using our internal network. during vulnerability test found below issues:

1.Issue: Installed version : jQuery 2.1.3 solution: Fixed by upgrading jQuery version : 3.5.0

2. Issue: Web Application Potentially Vulnerable to Clickjacking

3. issue: Installed version : PHP version7.4.21 , Solution: Upgrade to PHP version 7.4.28 or later

CCGX Color Control
1 comment
2 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

nickdb avatar image nickdb ♦♦ commented ·
If security is a concern, and there's always a vulnerability, then IOT devices (biggest culprits) should be segmented onto a dedicated vlan and wireless ssid.

The console can also be secured with a password.

0 Likes 0 ·
1 Answer
jeroen avatar image
jeroen answered ·

Thanks, we do care, see https://lists.openembedded.org/g/openembedded-devel/message/96434 and https://github.com/victronenergy/meta-openembedded/commit/3767b730a3851cc5b89e6eae2110b2554261059a.

Not sure what the "Issue: Web Application Potentially Vulnerable to Clickjacking" is.

The jquery issue is being inspected.

2 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.