8.1
CVE-2023-46663
- EPSS 0.02%
- Published 26.10.2023 21:15:07
- Last modified 21.11.2024 08:29:00
- Source ics-cert@hq.dhs.gov
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
Data provided by the National Vulnerability Database (NVD)
Sielco ≫ Polyeco500 Firmware, Version 1.7.0, SwEdition cpu
Sielco ≫ Polyeco500 Firmware, Version 10.16, SwEdition fpga
Sielco ≫ Polyeco300 Firmware, Version 2.0.0, SwEdition cpu
Sielco ≫ Polyeco300 Firmware, Version 2.0.2, SwEdition cpu
Sielco ≫ Polyeco300 Firmware, Version 10.19, SwEdition fpga
Sielco ≫ Polyeco1000 Firmware, Version 1.9.3, SwEdition cpu
Sielco ≫ Polyeco1000 Firmware, Version 1.9.4, SwEdition cpu
Sielco ≫ Polyeco1000 Firmware, Version 2.0.6, SwEdition cpu
Sielco ≫ Polyeco1000 Firmware, Version 10.19, SwEdition fpga
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.031 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.