Lucene search
HistoryMar 27, 2023 - 8:15 p.m.
CVE-2023-28650
unauthenticated
remote
attacker
malicious
link
unsuspecting user
click
execute
javascript
payload
security context
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
46.1%
An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context.
Affected configurations
Node
sauter-controlsey-as525f001_firmwareMatch-
sauter-controlsey-as525f001Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sauter-controls | ey-as525f001_firmware | - | cpe:2.3:o:sauter-controls:ey-as525f001_firmware:-:*:*:*:*:*:*:* |
| sauter-controls | ey-as525f001 | - | cpe:2.3:h:sauter-controls:ey-as525f001:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-28650 CVE-2023-28650
2023-03-27 19:40:04
prion
prion
Code injection
2023-03-27 20:15:00
cve
cve
CVE-2023-28650
2023-03-27 20:15:09
ics
ics
SAUTER EY-modulo 5 Building Automation Stations
2023-03-23 12:00:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
46.1%
Related for NVD:CVE-2023-28650