Lucene search

[email protected]NVD:CVE-2023-23590

HistoryJan 15, 2023 - 5:15 a.m.

CVE-2023-23590

2023-01-1505:15:09

[email protected]

web.nvd.nist.gov

mercedes-benz

xentry retail

data storage

7.8.1

denial of service

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.2%

JSON

Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.

Affected configurations

Nvd

Node

mercedes-benzxentry_retail_data_storage_firmwareMatch7.8.1

AND

mercedes-benzxentry_retail_data_storageMatch-

VendorProductVersionCPE
mercedes-benzxentry_retail_data_storage_firmware7.8.1cpe:2.3:o:mercedes-benz:xentry_retail_data_storage_firmware:7.8.1:*:*:*:*:*:*:*
mercedes-benzxentry_retail_data_storage-cpe:2.3:h:mercedes-benz:xentry_retail_data_storage:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mercedes-benz	xentry_retail_data_storage_firmware	7.8.1	cpe:2.3:o:mercedes-benz:xentry_retail_data_storage_firmware:7.8.1:::::::*
mercedes-benz	xentry_retail_data_storage	-	cpe:2.3:h:mercedes-benz:xentry_retail_data_storage:-:::::::*

References

b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data-storage

medium.com/%40windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.2%

JSON

Related for NVD:CVE-2023-23590

cve1 cvelist1 prion1