Lucene search
IcscertCVELIST:CVE-2023-50706HistoryDec 19, 2023 - 11:47 p.m.
CVE-2023-50706 Improper Access Control in EFACEC UC 500E
2023-12-1923:47:49
CWE-284
icscert
www.cve.org
1
cve-2023-50706
improper access control
efacec uc 500e
memory dump
credentials
session tokens
windows system
4.1 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.2%
A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "UC 500E",
"vendor": "EFACEC",
"versions": [
{
"status": "affected",
"version": "version 10.1.0"
}
]
}
]Related
prion
prion
Code injection
2023-12-20 00:15:00
cve
cve
CVE-2023-50706
2023-12-20 00:15:09
nvd
nvd
CVE-2023-50706
2023-12-20 00:15:09
ics
ics
EFACEC UC 500E
2023-12-19 12:00:00
4.1 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.2%
Related for CVELIST:CVE-2023-50706