Lucene search

DragosVULNRICHMENT:CVE-2023-40709

HistoryAug 24, 2023 - 4:08 p.m.

CVE-2023-40709 Uncontrolled Resource Consumption in OPTO 22 SNAP PAC S1 Built-In Web Server

2023-08-2416:08:47

CWE-770

Dragos

github.com

resource consumption

opto 22

snap pac s1

web server

adversary

icmp requests

configuration

firmware r10.3b

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b

References

www.cisa.gov/news-events/ics-advisories/icsa-23-236-02

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-40709