Lucene search

[email protected]CVE-2023-2024

HistoryMay 18, 2023 - 9:15 p.m.

CVE-2023-2024

2023-05-1821:15:09

CWE-287

[email protected]

web.nvd.nist.gov

cve-2023-2024

improper authentication

openblue enterprise manager

data collector

unauthorized access

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.6%

JSON

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.

Affected configurations

NVD

Node

johnsoncontrolsopenblue_enterprise_manager_data_collectorRange<3.2.5.75

CPENameOperatorVersion
johnsoncontrols:openblue_enterprise_manager_data_collectorjohnsoncontrols openblue enterprise manager data collectorlt3.2.5.75

CPE	Name	Operator	Version
johnsoncontrols:openblue_enterprise_manager_data_collector	johnsoncontrols openblue enterprise manager data collector	lt	3.2.5.75

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenBlue Enterprise Manager Data Collector",
    "vendor": "Johnson Controls",
    "versions": [
      {
        "lessThan": "3.2.5.75",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-138-04

www.johnsoncontrols.com/cyber-solutions/security-advisories

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.6%

JSON

Related for CVE-2023-2024

cvelist1 prion1 nvd1 ics1