Vulnerability Note VU#117604
Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication
Original Release date: 13 Jan 2015 | Last revised: 13 Jan 2015
Panasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data.
CWE-319: Cleartext Transmission of Sensitive Information
Panasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data between the client and server. It has been reported that Active Directory and other sensitive credentials are exposed as a result.
According to Panasonic, the affected products are:
Arbitrator MK 2.0 VPU using USB Wi-Fi
Arbitrator MK 2.0 VPU using Direct LAN
Arbitrator MK 3.0 VPU using Embedded Wi-Fi
Arbitrator MK 3.0 VPU using Direct LAN
The majority of Panasonic Arbitrator clients do not use these two upload methods and are not affected. If you are a Panasonic Arbitrator client that uses your laptop Wi-Fi connection for uploading or a wired connection for uploading you do not need to take any action.
A malicious user on the network may be able to discover sensitive credentials to other systems.
Apply an Update
Panasonic has released a statement with details on how to patch the system.
Vendor Information (Learn More)
VendorStatusDate NotifiedDate UpdatedPanasonicAffected18 Nov 201408 Jan 2015If you are a vendor and your product is affected, let
CVSS Metrics (Learn More)
Thanks to the reporter who wishes to remain anonymous.
This document was written by Chris King.
11 Dec 2014
Date First Published:
13 Jan 2015
Date Last Updated:
13 Jan 2015
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.