9.8
CVE-2023-3127
- EPSS 0.45%
- Veröffentlicht 11.07.2023 22:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:31
- Quelle productsecurity@jci.com
- CVE-Watchlists
- Unerledigt
LoginImproper Authentication in iSTAR
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Johnsoncontrols ≫ Istar Ultra Firmware Version >= 6.8.6 < 6.9.2
Johnsoncontrols ≫ Istar Ultra Firmware Version6.9.2 Update-
Johnsoncontrols ≫ Istar Ultra Lt Firmware Version >= 6.8.6 < 6.9.2
Johnsoncontrols ≫ Istar Ultra Lt Firmware Version6.9.2 Update-
Johnsoncontrols ≫ Istar Ultra G2 Firmware Version < 6.9.2
Johnsoncontrols ≫ Istar Ultra G2 Firmware Version6.9.2 Update-
Johnsoncontrols ≫ Edge G2 Firmware Version < 6.9.2
Johnsoncontrols ≫ Edge G2 Firmware Version6.9.2 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.357 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| productsecurity@jci.com | 7.5 | 1.6 | 5.3 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02