8.6
CVE-2023-40707
- EPSS 0.47%
- Veröffentlicht 24.08.2023 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:20:00
- Quelle ot-cert@dragos.com
- CVE-Watchlists
- Unerledigt
LoginWeak password requirements in OPTO 22 SNAP PAC S1 Built-in Web Server
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opto22 ≫ Snap Pac S1 Firmware Versionr10.3b
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.368 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| ot-cert@dragos.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02