Lucene search

[email protected]NVD:CVE-2023-46662

HistoryOct 26, 2023 - 8:15 p.m.

CVE-2023-46662

2023-10-2620:15:08

CWE-284

[email protected]

web.nvd.nist.gov

sielco polyeco1000

information disclosure

access control

vulnerability

remote attacker

sensitive information

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.

Affected configurations

NVD

Node

sielcopolyeco500_firmwareMatch1.7.0cpu

sielcopolyeco500_firmwareMatch10.16fpga

AND

sielcopolyeco500Match-

Node

sielcopolyeco300_firmwareMatch2.0.0cpu

sielcopolyeco300_firmwareMatch2.0.2cpu

sielcopolyeco300_firmwareMatch10.19fpga

AND

sielcopolyeco300Match-

Node

sielcopolyeco1000_firmwareMatch1.9.3cpu

sielcopolyeco1000_firmwareMatch1.9.4cpu

sielcopolyeco1000_firmwareMatch2.0.6cpu

sielcopolyeco1000_firmwareMatch10.19fpga

AND

sielcopolyeco1000Match-

References

www.cisa.gov/news-events/ics-advisories/icsa-23-299-07

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

Related for NVD:CVE-2023-46662

prion1 zeroscience1 cve1 cvelist1 ics1