Lucene search
IcscertCVELIST:CVE-2023-27886HistoryMar 28, 2023 - 8:04 p.m.
CVE-2023-27886 CVE-2023-27886
2023-03-2820:04:07
icscert
www.cve.org
5
cve-2023-27886
osprey pump controller
command injection
http post
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
52.1%
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter called by index.php script.
CNA Affected
[
{
"vendor": "ProPump and Controls, Inc.",
"product": "Osprey Pump Controller",
"versions": [
{
"status": "affected",
"version": "1.01"
}
]
}
]Related
nvd
nvd
CVE-2023-27886
2023-03-28 21:15:10
cve
cve
CVE-2023-27886
2023-03-28 21:15:10
prion
prion
Command injection
2023-03-28 21:15:00
zeroscience
zeroscience
Osprey Pump Controller 1.0.1 (pseudonym) Semi-blind Command Injection
2023-02-27 00:00:00
Osprey Pump Controller 1.0.1 (userName) Blind Command Injection
2023-02-27 00:00:00
ics
ics
ProPump and Controls Osprey Pump Controller (Update A)
2024-02-08 12:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
52.1%
Related for CVELIST:CVE-2023-27886