CVE-2023-28712

CVE-2023-28712 affects the Osprey Pump Controller, specifically version 1.01, with an unauthenticated command injection vulnerability that can grant system access with www-data permissions. Multiple connected sources (NVD, RH Red Hat advisory, ICS-CISA update) confirm an unauthenticated command e...

CVE-2023-28712 CVE-2023-28712

Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions...

CVE-2023-28718

CVE-2023-28718 (Osprey Pump Controller 1.01) suffers a Cross-Site Request Forgery (CSRF) due to HTTP requests being accepted without sufficient validation. The vulnerability can let an attacker cause actions with administrative privileges if a logged-in user visits a malicious site. Affected prod...

CVE-2023-28718 CVE-2023-28718

Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

CVE-2023-28718 CVE-2023-28718

Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

CVE-2023-28398

CVE-2023-28398 affects the Osprey Pump Controller (version 1.01). The vulnerability allows an unauthenticated user to create an account and bypass authentication via an alternate path/channel, enabling unauthorized access to the pump controller. Impact per the sources includes disruption of opera...

CVE-2023-28398 CVE-2023-28398

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor w...

CVE-2023-28398 CVE-2023-28398

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor w...

CVE-2023-28648 CVE-2023-28648

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...

CVE-2023-28648

CVE-2023-28648 affects the Osprey Pump Controller (version 1.01). The vulnerability arises from inputs passed to a GET parameter not being properly sanitized, allowing an attacker to execute arbitrary HTML/JS in a user’s browser session within the context of the affected site (cross-site scriptin...

CVE-2023-27394 CVE-2023-27394

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...

CVE-2023-27394

CVE-2023-27394 affects the Osprey Pump Controller; versions prior to 20230518 are vulnerable to an unauthenticated OS command injection via HTTP GET parameters in DataLogView.php, EventsView.php, and AlarmsView.php, allowing arbitrary shell commands to be executed. The issue is confirmed in multi...

CVE-2023-27394 CVE-2023-27394

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...

CVE-2023-27886

CVE-2023-27886 concerns the Osprey Pump Controller, v1.01, with an unauthenticated OS command-injection vulnerability exploitable via a HTTP POST parameter called by index.php. The issue affects versions prior to release 20230518. Impact is high (remote, no user interaction required), with potent...

CVE-2023-27886 CVE-2023-27886

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter called by index.php script...

CVE-2023-27886 CVE-2023-27886

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter called by index.php script...

CVE-2023-28654 CVE-2023-28654

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...

CVE-2023-28654

CVE-2023-28654 affects the Osprey Pump Controller, version 1.01. A hidden administrative account with a hardcoded password exists, not visible in the usernames/passwords list, and cannot be changed through normal operation. The backdoor is in Mirage_ValidateSessionCode.x, allowing full access to ...

CVE-2023-28375 CVE-2023-28375

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information...

CVE-2023-28375

CVE-2023-28375 affects the Osprey Pump Controller (version 1.01). The issue is an unauthenticated file disclosure achievable via a GET parameter, enabling an attacker to disclose arbitrary files and sensitive/system information on the affected device. Red Hat and NVD entries corroborate the vulne...