7.5
CVE-2023-22803
- EPSS 0.16%
- Veröffentlicht 15.02.2023 18:15:11
- Zuletzt bearbeitet 21.11.2024 07:45:27
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginLS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ls-electric ≫ Xbc-dn32u Firmware Version01.80
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.368 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.