Lucene search

IcscertVULNRICHMENT:CVE-2024-8310

HistorySep 27, 2024 - 4:33 p.m.

CVE-2024-8310 OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function

2024-09-2716:33:39

CWE-306

icscert

github.com

opw fuel management

sitesentinel

authentication bypass

admin privileges

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

OPW Fuel Management Systems SiteSentinel
could allow an attacker to bypass authentication to the server and obtain full admin privileges.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:opwglobal:sitesentinel_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "opwglobal",
    "product": "sitesentinel_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "17q2.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-268-01

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-8310