Lucene search

PRIOn knowledge basePRION:CVE-2023-40709

HistoryAug 24, 2023 - 5:15 p.m.

Design/Logic Flaw

2023-08-2417:15:00

PRIOn knowledge base

www.prio-n.com

adversary

device crash

unconfigured web server

large icmp requests

snap pac s1 firmware version r10.3b

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.7%

JSON

An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b

CPENameOperatorVersion
snap_pac_s1_firmwareeq10.3.98114

CPE	Name	Operator	Version
	snap_pac_s1_firmware	eq	10.3.98114

References

www.cisa.gov/news-events/ics-advisories/icsa-23-236-02

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

16.7%

JSON

Related for PRION:CVE-2023-40709