Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.