Lucene search

CERTVDECVELIST:CVE-2023-2880

HistoryJul 05, 2023 - 9:04 a.m.

CVE-2023-2880 Frauscher Sensortechnik Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability

2023-07-0509:04:28

CWE-22

CERTVDE

www.cve.org

frauscher sensortechnik

fds001

path traversal

vulnerability

web interface

remote attacker

filesystem

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.5%

JSON

Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Diagnostic System FDS101 for FAdC/FAdCi",
    "vendor": "Frauscher Sensortechnik",
    "versions": [
      {
        "lessThanOrEqual": "1.3.3",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2023-011/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.5%

JSON

Related for CVELIST:CVE-2023-2880