CVE-2023-5754 Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000

🗓️ 26 Oct 2023 19:47:06Reported by icscertType

Weak default administrative credentials in Sielco PolyEco1000 allow remote attackers to gain full system control

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of Sielco PolyEco1000 digital FM transmitter’s microprogramming software lies in the insufficient limitation on authentication attempts, allowing a intruder to gain full control over the system.	1 Nov 202300:00	–	bdu_fstec
Circl	CVE-2023-5754	27 Oct 202300:18	–	circl
CNNVD	Sielco PolyEco1000 Security Vulnerability	26 Oct 202300:00	–	cnnvd
CVE	CVE-2023-5754	26 Oct 202319:47	–	cve
EUVD	EUVD-2023-58039	3 Oct 202520:07	–	euvd
ICS	Sielco PolyEco FM Transmitter	26 Oct 202306:00	–	ics
NVD	CVE-2023-5754	26 Oct 202320:15	–	nvd
OSV	CVE-2023-5754	26 Oct 202320:15	–	osv
Prion	Default credentials	26 Oct 202320:15	–	prion
Positive Technologies	PT-2023-6585 · Sielco · Sielco Polyeco1000	26 Oct 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "PolyEco1000",
    "vendor": "Sielco ",
    "versions": [
      {
        "status": "affected",
        "version": "CPU:2.0.6 FPGA:10.19"
      },
      {
        "status": "affected",
        "version": "CPU:1.9.4 FPGA:10.19"
      },
      {
        "status": "affected",
        "version": "CPU:1.9.3 FPGA:10.19"
      },
      {
        "status": "affected",
        "version": "CPU:1.7.0 FPGA:10.16"
      },
      {
        "status": "affected",
        "version": "CPU:2.0.2 FPGA:10.19"
      },
      {
        "status": "affected",
        "version": "CPU:2.0.0 FPGA:10.19"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-299-07

26 Oct 2023 19:47Current

10High risk

Vulners AI Score10

CVSS 3.19.1

EPSS0.0008

CWE-307