Lucene search

CERTVDECVELIST:CVE-2023-4152

HistorySep 21, 2023 - 6:18 a.m.

CVE-2023-4152 Frauscher FDS101 for FAdC/FAdCi path traversal vulnerability

2023-09-2106:18:21

CWE-22

CERTVDE

www.cve.org

cve-2023-4152

frauscher sensortechnik gmbh

fds101

fadc

fadci

path traversal

web interface

remote attacker

filesystem

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FDS101 for FAdC/FAdCi",
    "vendor": "Frauscher",
    "versions": [
      {
        "lessThanOrEqual": "1.4.24",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2023-038/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

Related for CVELIST:CVE-2023-4152