Lucene search

IcscertCVE-2023-5754

HistoryOct 26, 2023 - 8:15 p.m.

CVE-2023-5754

2023-10-2620:15:08

CWE-307

icscert

web.nvd.nist.gov

sielco polyeco1000

weak credentials

remote password attack

cve-2023-5754

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

43.8%

JSON

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

Affected configurations

Nvd

Node

sielcopolyeco500Match-

AND

sielcopolyeco500_firmwareMatch1.7.0cpu

sielcopolyeco500_firmwareMatch10.16fpga

Node

sielcopolyeco300Match-

AND

sielcopolyeco300_firmwareMatch2.0.0cpu

sielcopolyeco300_firmwareMatch2.0.2cpu

sielcopolyeco300_firmwareMatch10.19fpga

Node

sielcopolyeco1000Match-

AND

sielcopolyeco1000_firmwareMatch1.9.3cpu

sielcopolyeco1000_firmwareMatch1.9.4cpu

sielcopolyeco1000_firmwareMatch2.0.6cpu

sielcopolyeco1000_firmwareMatch10.19fpga

VendorProductVersionCPE
sielcopolyeco500-cpe:2.3:h:sielco:polyeco500:-:*:*:*:*:*:*:*
sielcopolyeco500_firmware1.7.0cpe:2.3:o:sielco:polyeco500_firmware:1.7.0:*:*:*:cpu:*:*:*
sielcopolyeco500_firmware10.16cpe:2.3:o:sielco:polyeco500_firmware:10.16:*:*:*:fpga:*:*:*
sielcopolyeco300-cpe:2.3:h:sielco:polyeco300:-:*:*:*:*:*:*:*
sielcopolyeco300_firmware2.0.0cpe:2.3:o:sielco:polyeco300_firmware:2.0.0:*:*:*:cpu:*:*:*
sielcopolyeco300_firmware2.0.2cpe:2.3:o:sielco:polyeco300_firmware:2.0.2:*:*:*:cpu:*:*:*
sielcopolyeco300_firmware10.19cpe:2.3:o:sielco:polyeco300_firmware:10.19:*:*:*:fpga:*:*:*
sielcopolyeco1000-cpe:2.3:h:sielco:polyeco1000:-:*:*:*:*:*:*:*
sielcopolyeco1000_firmware1.9.3cpe:2.3:o:sielco:polyeco1000_firmware:1.9.3:*:*:*:cpu:*:*:*
sielcopolyeco1000_firmware1.9.4cpe:2.3:o:sielco:polyeco1000_firmware:1.9.4:*:*:*:cpu:*:*:*

Vendor	Product	Version	CPE
sielco	polyeco500	-	cpe:2.3:h:sielco:polyeco500:-:::::::*
sielco	polyeco500_firmware	1.7.0	cpe:2.3:o:sielco:polyeco500_firmware:1.7.0::::cpu:::
sielco	polyeco500_firmware	10.16	cpe:2.3:o:sielco:polyeco500_firmware:10.16::::fpga:::
sielco	polyeco300	-	cpe:2.3:h:sielco:polyeco300:-:::::::*
sielco	polyeco300_firmware	2.0.0	cpe:2.3:o:sielco:polyeco300_firmware:2.0.0::::cpu:::
sielco	polyeco300_firmware	2.0.2	cpe:2.3:o:sielco:polyeco300_firmware:2.0.2::::cpu:::
sielco	polyeco300_firmware	10.19	cpe:2.3:o:sielco:polyeco300_firmware:10.19::::fpga:::
sielco	polyeco1000	-	cpe:2.3:h:sielco:polyeco1000:-:::::::*
sielco	polyeco1000_firmware	1.9.3	cpe:2.3:o:sielco:polyeco1000_firmware:1.9.3::::cpu:::
sielco	polyeco1000_firmware	1.9.4	cpe:2.3:o:sielco:polyeco1000_firmware:1.9.4::::cpu:::

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PolyEco1000",
    "vendor": "Sielco ",
    "versions": [
      {
        "status": "affected",
        "version": "CPU:2.0.6 FPGA:10.19"
      },
      {
        "status": "affected",
        "version": "CPU:1.9.4 FPGA:10.19"
      },
      {
        "status": "affected",
        "version": "CPU:1.9.3 FPGA:10.19"
      },
      {
        "status": "affected",
        "version": "CPU:1.7.0 FPGA:10.16"
      },
      {
        "status": "affected",
        "version": "CPU:2.0.2 FPGA:10.19"
      },
      {
        "status": "affected",
        "version": "CPU:2.0.0 FPGA:10.19"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-299-07

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

43.8%

JSON

Related for CVE-2023-5754