Full title: Anybus Modbus Gateway - Authenticated Directory Traversal Vulnerability 
Category: web applications
Platform: hardware
The  cgi-bin/read.cgi CGI script in the cgi-bin folder on the devices webserver is vulnerable to directly traversal by directly including any file. It typically includes files from the /home/httpd/jjs directoy but you can access files outside of the main webserver directory.
There's 67 of these devices on Shodan https://www.shodan.io/search?query=ModbusGW

# 0day.today @ http://0day.today/