Lucene search

IcscertCVELIST:CVE-2023-33868

HistoryJul 06, 2023 - 10:53 p.m.

CVE-2023-33868 PiiGAB M-Bus Improper Restriction of Excessive Authentication Attempts

2023-07-0622:53:59

CWE-307

icscert

www.cve.org

cve-2023-33868

piigab

m-bus

excessive authentication

brute force

http

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "M-Bus SoftwarePack",
    "vendor": "PiiGAB ",
    "versions": [
      {
        "status": "affected",
        "version": "900S"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-187-01

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Related for CVELIST:CVE-2023-33868