Lucene search

DragosCVELIST:CVE-2023-40708

HistoryAug 24, 2023 - 4:08 p.m.

CVE-2023-40708 Improper Access Control in OPTO 22 SNAP PAC S1

2023-08-2416:08:23

CWE-284

Dragos

www.cve.org

cve-2023-40708

ftp port

default setting

adversary access

device files

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SNAP PAC S1",
    "vendor": "OPTO 22",
    "versions": [
      {
        "status": "affected",
        "version": "R10.3b"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-236-02

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-40708