Lucene search

JpcertCVE-2023-23901

HistoryMay 10, 2023 - 6:15 a.m.

CVE-2023-23901

2023-05-1006:15:11

CWE-295

jpcert

web.nvd.nist.gov

cve-2023-23901

certificate chain trust

skybridge mb-a200

skybridge basic mb-a130

firmware vulnerability

eavesdropping

webui communication

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

Improper following of a certificate’s chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product.

Affected configurations

Nvd

Node

seiko-solskybridge_basic_mb-a130_firmwareRange≤1.4.1

AND

seiko-solskybridge_basic_mb-a130Match-

Node

seiko-solskybridge_mb-a200_firmwareRange≤01.00.05

AND

seiko-solskybridge_mb-a200Match-

VendorProductVersionCPE
seiko-solskybridge_basic_mb-a130_firmware*cpe:2.3:o:seiko-sol:skybridge_basic_mb-a130_firmware:*:*:*:*:*:*:*:*
seiko-solskybridge_basic_mb-a130-cpe:2.3:h:seiko-sol:skybridge_basic_mb-a130:-:*:*:*:*:*:*:*
seiko-solskybridge_mb-a200_firmware*cpe:2.3:o:seiko-sol:skybridge_mb-a200_firmware:*:*:*:*:*:*:*:*
seiko-solskybridge_mb-a200-cpe:2.3:h:seiko-sol:skybridge_mb-a200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
seiko-sol	skybridge_basic_mb-a130_firmware	*	cpe:2.3:o:seiko-sol:skybridge_basic_mb-a130_firmware::::::::
seiko-sol	skybridge_basic_mb-a130	-	cpe:2.3:h:seiko-sol:skybridge_basic_mb-a130:-:::::::*
seiko-sol	skybridge_mb-a200_firmware	*	cpe:2.3:o:seiko-sol:skybridge_mb-a200_firmware::::::::
seiko-sol	skybridge_mb-a200	-	cpe:2.3:h:seiko-sol:skybridge_mb-a200:-:::::::*

CNA Affected

[
  {
    "vendor": "Seiko Solutions Inc.",
    "product": "SkyBridge MB-A200 and SkyBridge BASIC MB-A130",
    "versions": [
      {
        "version": "SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN40604023/

www.seiko-sol.co.jp/archives/73969/

www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/

www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/

www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/

www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

Related for CVE-2023-23901