Lucene search

INCIBECVELIST:CVE-2023-3770

HistoryOct 02, 2023 - 1:11 p.m.

CVE-2023-3770 Vulnerability in Ingeteam's INGEPAC DA

2023-10-0213:11:05

CWE-20

INCIBE

www.cve.org

cve-2023-3770

ingeteam's ingepac da

incorrect validation vulnerability

network access

discovery port protocol

device-specific information

authentication

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "INGEPAC DA3451",
    "vendor": "Ingeteam",
    "versions": [
      {
        "status": "affected",
        "version": "0.29.2.42"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Related for CVELIST:CVE-2023-3770