9.8
CVE-2023-5754
- EPSS 0.08%
- Veröffentlicht 26.10.2023 20:15:08
- Zuletzt bearbeitet 21.11.2024 08:42:25
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sielco ≫ Polyeco500 Firmware Version1.7.0 SwEditioncpu
Sielco ≫ Polyeco500 Firmware Version10.16 SwEditionfpga
Sielco ≫ Polyeco300 Firmware Version2.0.0 SwEditioncpu
Sielco ≫ Polyeco300 Firmware Version2.0.2 SwEditioncpu
Sielco ≫ Polyeco300 Firmware Version10.19 SwEditionfpga
Sielco ≫ Polyeco1000 Firmware Version1.9.3 SwEditioncpu
Sielco ≫ Polyeco1000 Firmware Version1.9.4 SwEditioncpu
Sielco ≫ Polyeco1000 Firmware Version2.0.6 SwEditioncpu
Sielco ≫ Polyeco1000 Firmware Version10.19 SwEditionfpga
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.242 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| ics-cert@hq.dhs.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.