Lucene search

[email protected]NVD:CVE-2023-46664

HistoryOct 26, 2023 - 9:15 p.m.

CVE-2023-46664

2023-10-2621:15:07

CWE-284

[email protected]

web.nvd.nist.gov

sielco polyeco1000

improper access control

vulnerability

user-supplied input

authorization

protected pages

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

Affected configurations

NVD

Node

sielcopolyeco500_firmwareMatch1.7.0cpu

sielcopolyeco500_firmwareMatch10.16fpga

AND

sielcopolyeco500Match-

Node

sielcopolyeco300_firmwareMatch2.0.0cpu

sielcopolyeco300_firmwareMatch2.0.2cpu

sielcopolyeco300_firmwareMatch10.19fpga

AND

sielcopolyeco300Match-

Node

sielcopolyeco1000_firmwareMatch1.9.3cpu

sielcopolyeco1000_firmwareMatch1.9.4cpu

sielcopolyeco1000_firmwareMatch2.0.6cpu

sielcopolyeco1000_firmwareMatch10.19fpga

AND

sielcopolyeco1000Match-

References

www.cisa.gov/news-events/ics-advisories/icsa-23-299-07

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for NVD:CVE-2023-46664

cvelist1 zeroscience1 cve1 prion1 ics1