Lucene search

[email protected]CVE-2023-22583

HistoryJun 11, 2023 - 2:15 p.m.

CVE-2023-22583

2023-06-1114:15:09

CWE-89

[email protected]

web.nvd.nist.gov

danfoss

ak-em100

web forms

sql injection

nvd

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.3%

JSON

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.

Affected configurations

NVD

Node

danfossak-em100_firmwareRange<2.2.0.12

AND

danfossak-em100Match-

CPENameOperatorVersion
danfoss:ak-em100_firmwaredanfoss ak-em100 firmwarelt2.2.0.12

CPE	Name	Operator	Version
danfoss:ak-em100_firmware	danfoss ak-em100 firmware	lt	2.2.0.12

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AK-EM100",
    "vendor": "Danfoss",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.2.0.12"
      }
    ]
  }
]

References

csirt.divd.nl/DIVD-2023-00021

divd.nl/cves/CVE-2023-22583

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.3%

JSON

Related for CVE-2023-22583

nvd1 cvelist1 prion1