CVE-2023-42769

EPSS 0.79%
Veröffentlicht 26.10.2023 17:15:08
Zuletzt bearbeitet 21.11.2024 08:23:07
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Sielco Radio Link and Analog FM Transmitters Improper Access Control

The cookie session ID is of insufficient length and can be exploited by 
brute force, which may allow a remote attacker to obtain a valid 
session, bypass authentication, and manipulate the transmitter.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

NVD 21 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sielco ≫ Analog Fm Transmitter Exc5000gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc5000gx Version2.12

Sielco ≫ Analog Fm Transmitter Exc120gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc120gx Version2.12

Sielco ≫ Analog Fm Transmitter Exc300gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc300gx Version2.11

Sielco ≫ Analog Fm Transmitter Exc1600gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc1600gx Version2.10

Sielco ≫ Analog Fm Transmitter Exc2000gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc2000gx Version2.10

Sielco ≫ Analog Fm Transmitter Exc1600gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc1600gx Version2.08

Sielco ≫ Analog Fm Transmitter Exc1000gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc1000gx Version2.08

Sielco ≫ Analog Fm Transmitter Exc3000gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc3000gx Version2.07

Sielco ≫ Analog Fm Transmitter Exc5000gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc5000gx Version2.06

Sielco ≫ Analog Fm Transmitter Exc30gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc30gt Version1.7.7

Sielco ≫ Analog Fm Transmitter Exc300gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc300gt Version1.7.4

Sielco ≫ Analog Fm Transmitter Exc100gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc100gt Version1.7.4

Sielco ≫ Analog Fm Transmitter Exc5000gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc5000gt Version1.7.4

Sielco ≫ Analog Fm Transmitter Exc1000gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc1000gt Version1.6.3

Sielco ≫ Analog Fm Transmitter Exc120gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc120gt Version1.5.4

Sielco ≫ Radio Link Rtx19 Firmware Version-

Sielco ≫ Radio Link Rtx19 Version2.06

Sielco ≫ Radio Link Rtx19 Firmware Version-

Sielco ≫ Radio Link Rtx19 Version2.05

Sielco ≫ Radio Link Exc19 Firmware Version-

Sielco ≫ Radio Link Exc19 Version2.00

Sielco ≫ Radio Link Rtx19 Firmware Version-

Sielco ≫ Radio Link Rtx19 Version1.60

Sielco ≫ Radio Link Rtx19 Firmware Version-

Sielco ≫ Radio Link Rtx19 Version1.59

Sielco ≫ Radio Link Exc19 Firmware Version-

Sielco ≫ Radio Link Exc19 Version1.55

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.79%	0.513

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08

Third Party Advisory

US Government Resource

https://www.sielco.org/en/contacts

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-42769

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-42769

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-42769

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-42769