Lucene search

DragosCVELIST:CVE-2023-40710

HistoryAug 24, 2023 - 4:09 p.m.

CVE-2023-40710

2023-08-2416:09:25

CWE-770

Dragos

www.cve.org

adversary

restart loop

snmp web server

snap pac s1 firmware r10.3b

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

34.3%

JSON

An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SNAP PAC S1",
    "vendor": "OPTO 22",
    "versions": [
      {
        "status": "affected",
        "version": "R10.3b"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-236-02

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

34.3%

JSON

Related for CVELIST:CVE-2023-40710