9.8

CVE-2023-2003

EPSS 0.27%
Veröffentlicht 13.07.2023 12:15:09
Zuletzt bearbeitet 21.11.2024 07:57:44
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Unitronicsplc ≫ Vision1210 Firmware Version4.3 Updatebuild_5

Unitronicsplc ≫ Vision1210 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.506

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve-coordination@incibe.es	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-506 Embedded Malicious Code

The product contains code that appears to be malicious in nature.

https://www.hackplayers.com/2023/07/vulnerabilidad-vision1210-unitronics.html

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/embedded-malicious-code-vulnerability-unitronics-vision1210

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2003

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2003

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2003

EUVD