NVD:CVE-2023-45228
Oct 26, 2023 - 5:15 p.m.

CVE-2023-45228

2023-10-26 17:15:09
CWE-284
web.nvd.nist.gov
application vulnerability
access control
http post
user manipulation
cve-2023-45228
security

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score: 6.7
Confidence: High

EPSS: 0.001
Percentile: 18.6%

The application suffers from improper access control when editing users.
A user with read permissions can manipulate users, passwords, and
permissions by sending a single HTTP POST request with modified
parameters.

Affected configurations

Nvd
Node: sielco analog_fm_transmitter_exc5000gx (Match 2.12) AND sielco analog_fm_transmitter_exc5000gx_firmware (Match -)
Node: sielco analog_fm_transmitter_exc120gx (Match 2.12) AND sielco analog_fm_transmitter_exc120gx_firmware (Match -)
Node: sielco analog_fm_transmitter_exc300gx_firmware (Match -) AND sielco analog_fm_transmitter_exc300gx (Match 2.11)
Node: sielco analog_fm_transmitter_exc1600gx_firmware (Match -) AND sielco analog_fm_transmitter_exc1600gx (Match 2.10)
Node: sielco analog_fm_transmitter_exc2000gx_firmware (Match -) AND sielco analog_fm_transmitter_exc2000gx (Match 2.10)
Node: sielco analog_fm_transmitter_exc1600gx_firmware (Match -) AND sielco analog_fm_transmitter_exc1600gx (Match 2.08)
Node: sielco analog_fm_transmitter_exc1000gx_firmware (Match -) AND sielco analog_fm_transmitter_exc1000gx (Match 2.08)
Node: sielco analog_fm_transmitter_exc3000gx_firmware (Match -) AND sielco analog_fm_transmitter_exc3000gx (Match 2.07)
Node: sielco analog_fm_transmitter_exc5000gx_firmware (Match -) AND sielco analog_fm_transmitter_exc5000gx (Match 2.06)
Node: sielco analog_fm_transmitter_exc30gt_firmware (Match -) AND sielco analog_fm_transmitter_exc30gt (Match 1.7.7)
Node: sielco analog_fm_transmitter_exc300gt_firmware (Match -) AND sielco analog_fm_transmitter_exc300gt (Match 1.7.4)
Node: sielco analog_fm_transmitter_exc100gt_firmware (Match -) AND sielco analog_fm_transmitter_exc100gt (Match 1.7.4)
Node: sielco analog_fm_transmitter_exc5000gt_firmware (Match -) AND sielco analog_fm_transmitter_exc5000gt (Match 1.7.4)
Node: sielco analog_fm_transmitter_exc1000gt_firmware (Match -) AND sielco analog_fm_transmitter_exc1000gt (Match 1.6.3)
Node: sielco analog_fm_transmitter_exc120gt_firmware (Match -) AND sielco analog_fm_transmitter_exc120gt (Match 1.5.4)
Node: sielco radio_link_rtx19_firmware (Match -) AND sielco radio_link_rtx19 (Match 2.06)
Node: sielco radio_link_rtx19_firmware (Match -) AND sielco radio_link_rtx19 (Match 2.05)
Node: sielco radio_link_exc19_firmware (Match -) AND sielco radio_link_exc19 (Match 2.00)
Node: sielco radio_link_rtx19_firmware (Match -) AND sielco radio_link_rtx19 (Match 1.60)
Node: sielco radio_link_rtx19_firmware (Match -) AND sielco radio_link_rtx19 (Match 1.59)
Node: sielco radio_link_exc19_firmware (Match -) AND sielco radio_link_exc19 (Match 1.55)

Vendor   Product                                      Version   CPE
sielco   analog_fm_transmitter_exc5000gx              2.12      cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.12:*:*:*:*:*:*:*
sielco   analog_fm_transmitter_exc5000gx_firmware     -         cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*
sielco   analog_fm_transmitter_exc120gx               2.12      cpe:2.3:h:sielco:analog_fm_transmitter_exc120gx:2.12:*:*:*:*:*:*:*
sielco   analog_fm_transmitter_exc120gx_firmware      -         cpe:2.3:o:sielco:analog_fm_transmitter_exc120gx_firmware:-:*:*:*:*:*:*:*
sielco   analog_fm_transmitter_exc300gx_firmware      -         cpe:2.3:o:sielco:analog_fm_transmitter_exc300gx_firmware:-:*:*:*:*:*:*:*
sielco   analog_fm_transmitter_exc300gx               2.11      cpe:2.3:h:sielco:analog_fm_transmitter_exc300gx:2.11:*:*:*:*:*:*:*
sielco   analog_fm_transmitter_exc1600gx_firmware     -         cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*
sielco   analog_fm_transmitter_exc1600gx              2.10      cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.10:*:*:*:*:*:*:*
sielco   analog_fm_transmitter_exc2000gx_firmware     -         cpe:2.3:o:sielco:analog_fm_transmitter_exc2000gx_firmware:-:*:*:*:*:*:*:*
sielco   analog_fm_transmitter_exc2000gx              2.10      cpe:2.3:h:sielco:analog_fm_transmitter_exc2000gx:2.10:*:*:*:*:*:*:*
