CVE-2023-50705

EPSS 0.52%
Veröffentlicht 20.12.2023 00:15:09
Zuletzt bearbeitet 21.11.2024 08:37:10
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Exposure of Sensitive Information to an Unauthorized Actor in EFACEC UC 500E









An attacker could create malicious requests to obtain sensitive information about the web server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Efacec ≫ Uc 500e Firmware Version10.1.0

Efacec ≫ Uc 500e Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.397

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ics-cert@hq.dhs.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-50705

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50705

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50705

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-50705