CVE-2023-45317

EPSS 0.24%
Veröffentlicht 26.10.2023 17:15:09
Zuletzt bearbeitet 21.11.2024 08:26:44
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery

The application interface allows users to perform certain actions via 
HTTP requests without performing any validity checks to verify the 
requests. This can be exploited to perform certain actions with 
administrative privileges if a logged-in user visits a malicious web 
site.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 21 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sielco ≫ Analog Fm Transmitter Exc5000gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc5000gx Version2.12

Sielco ≫ Analog Fm Transmitter Exc120gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc120gx Version2.12

Sielco ≫ Analog Fm Transmitter Exc300gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc300gx Version2.11

Sielco ≫ Analog Fm Transmitter Exc1600gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc1600gx Version2.10

Sielco ≫ Analog Fm Transmitter Exc2000gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc2000gx Version2.10

Sielco ≫ Analog Fm Transmitter Exc1600gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc1600gx Version2.08

Sielco ≫ Analog Fm Transmitter Exc1000gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc1000gx Version2.08

Sielco ≫ Analog Fm Transmitter Exc3000gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc3000gx Version2.07

Sielco ≫ Analog Fm Transmitter Exc5000gx Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc5000gx Version2.06

Sielco ≫ Analog Fm Transmitter Exc30gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc30gt Version1.7.7

Sielco ≫ Analog Fm Transmitter Exc300gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc300gt Version1.7.4

Sielco ≫ Analog Fm Transmitter Exc100gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc100gt Version1.7.4

Sielco ≫ Analog Fm Transmitter Exc5000gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc5000gt Version1.7.4

Sielco ≫ Analog Fm Transmitter Exc1000gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc1000gt Version1.6.3

Sielco ≫ Analog Fm Transmitter Exc120gt Firmware Version-

Sielco ≫ Analog Fm Transmitter Exc120gt Version1.5.4

Sielco ≫ Radio Link Rtx19 Firmware Version-

Sielco ≫ Radio Link Rtx19 Version2.06

Sielco ≫ Radio Link Rtx19 Firmware Version-

Sielco ≫ Radio Link Rtx19 Version2.05

Sielco ≫ Radio Link Exc19 Firmware Version-

Sielco ≫ Radio Link Exc19 Version2.00

Sielco ≫ Radio Link Rtx19 Firmware Version-

Sielco ≫ Radio Link Rtx19 Version1.60

Sielco ≫ Radio Link Rtx19 Firmware Version-

Sielco ≫ Radio Link Rtx19 Version1.59

Sielco ≫ Radio Link Exc19 Firmware Version-

Sielco ≫ Radio Link Exc19 Version1.55

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.147

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08

Third Party Advisory

US Government Resource

https://www.sielco.org/en/contacts

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-45317

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-45317

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-45317

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-45317