Lucene search
PRIOn knowledge basePRION:CVE-2023-1514HistoryDec 19, 2023 - 3:15 p.m.
Design/Logic Flaw
2023-12-1915:15:00
PRIOn knowledge base
www.prio-n.com
8
vulnerability
rtu500
scripting interface
identity spoofing
message interception
tls
certificate validation
certification authority
A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trustedΒ and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rtu500_scripting_interface | eq | 1.0.2 | |
| rtu500_scripting_interface | eq | 1.1.1 | |
| rtu500_scripting_interface | eq | 1.0.1.30 |
Related
cve
cve
CVE-2023-1514
2023-12-19 15:15:08
cvelist
cvelist
CVE-2023-1514
2023-12-19 14:22:37
nvd
nvd
CVE-2023-1514
2023-12-19 15:15:08