Lucene search

IcscertCVELIST:CVE-2023-36859

HistoryJul 06, 2023 - 10:51 p.m.

CVE-2023-36859 PiiGAB M-Bus Code Injection

2023-07-0622:51:51

CWE-94

icscert

www.cve.org

piigab

m-bus

code injection

softwarepack 900s

vulnerability

user input

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

PiiGAB M-Bus

SoftwarePack 900S

does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "M-Bus SoftwarePack",
    "vendor": "PiiGAB ",
    "versions": [
      {
        "status": "affected",
        "version": "900S"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-187-01

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

Related for CVELIST:CVE-2023-36859