9.9

CVE-2023-25915

Authenticated Remote Command Execution in Danfoss AK-SM800A

Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system.
Data provided by the National Vulnerability Database (NVD)
Danfoss Ak-sm 800a Firmware Version <= 3.3
   Danfoss Ak-sm 800a Version -
No warning was found for this CVE.
EPSS Metrics
Type   Source      Score   Percentile
EPSS   FIRST.org   0.78%   0.51
CVSS Metrics
Source          Base Score   Exploit Score   Impact Score   Vector String
nvd@nist.gov    8.8          2.8             5.9            CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
csirt@divd.nl   9.9          3.1             6              CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://csirt.divd.nl/DIVD-2023-00025
Third Party Advisory
https://csirt.divd.nl/CVE-2023-25915
Third Party Advisory