CVSS base score: 7.5
CVE-2023-38422
- EPSS 0.08%
- Published 23.08.2023 22:15:08
- Last modified 21.11.2024 08:13:32
- Source ics-cert@hq.dhs.gov
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.
Data provided by the National Vulnerability Database (NVD)
Walchem ≫ Intuition 9 Firmware Version < 4.21
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.236 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.