Lucene search

K
cveDIVDCVE-2023-22583
HistoryJun 11, 2023 - 2:15 p.m.

CVE-2023-22583

2023-06-1114:15:09
CWE-89
DIVD
web.nvd.nist.gov
16
danfoss
ak-em100
web forms
sql injection
nvd

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

62.2%

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.

Affected configurations

Nvd
Node
danfossak-em100_firmwareRange<2.2.0.12
AND
danfossak-em100Match-
VendorProductVersionCPE
danfossak-em100_firmware*cpe:2.3:o:danfoss:ak-em100_firmware:*:*:*:*:*:*:*:*
danfossak-em100-cpe:2.3:h:danfoss:ak-em100:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AK-EM100",
    "vendor": "Danfoss",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.2.0.12"
      }
    ]
  }
]

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

62.2%

Related for CVE-2023-22583