Lucene search

IcscertCVELIST:CVE-2024-8310

HistorySep 27, 2024 - 4:33 p.m.

CVE-2024-8310 OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function

2024-09-2716:33:39

CWE-306

icscert

www.cve.org

opw fuel management systems

sitesentinel

missing authentication

server

admin privileges

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

OPW Fuel Management Systems SiteSentinel
could allow an attacker to bypass authentication to the server and obtain full admin privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SiteSentinel",
    "vendor": "OPW Fuel Managements Systems",
    "versions": [
      {
        "lessThan": "17Q2.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-268-01

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2024-8310