Lucene search

INCIBECVELIST:CVE-2023-2003

HistoryJul 13, 2023 - 11:25 a.m.

CVE-2023-2003 Embedded malicious code vulnerability in Unitronics Vision1210

2023-07-1311:25:03

CWE-506

INCIBE

www.cve.org

cve-2023-2003

base64-encoded malicious code

pcom protocol

remote attacker

data tables

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.1%

JSON

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device’s data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vision1210",
    "vendor": "Unitronics",
    "versions": [
      {
        "status": "affected",
        "version": "4.3, build 5"
      }
    ]
  }
]

References

www.hackplayers.com/2023/07/vulnerabilidad-vision1210-unitronics.html

www.incibe.es/en/incibe-cert/notices/aviso-sci/embedded-malicious-code-vulnerability-unitronics-vision1210

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for CVELIST:CVE-2023-2003