5.3

CVE-2023-28412









When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SnaponeOrvc SwPlatformpro Version < 7.3.0
   Control4Ca-1 Version-
   Control4Ca-10 Version-
   Control4Ea-1 Version-
   Control4Ea-3 Version-
   Control4Ea-5 Version-
   SnaponeAn-110-rt-2l1w Version-
   SnaponeAn-110-rt-2l1w-wifi Version-
   SnaponeAn-310-rt-4l2w Version-
   SnaponeOvrc-300-pro Version-
   SnaponePakedge Rk-1 Version-
   SnaponePakedge Rt-3100 Version-
   SnaponePakedge Wr-1 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.278
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ics-cert@hq.dhs.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
Third Party Advisory
US Government Resource