CVE-2023-28649

EPSS 0.06%
Veröffentlicht 22.05.2023 20:15:10
Zuletzt bearbeitet 09.12.2024 18:15:20
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Snapone ≫ Orvc SwPlatformpro Version < 7.3.0

Snapone ≫ Ovrc-300-pro Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.192

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
ics-cert@hq.dhs.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-413 Improper Resource Locking

The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01

Third Party Advisory

US Government Resource

https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2023-28649

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28649

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28649

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-28649