Lucene search

[email protected]CVE-2023-22805

HistoryFeb 15, 2023 - 6:15 p.m.

CVE-2023-22805

2023-02-1518:15:11

NVD-CWE-noinfo

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-22805

ls electric

xbc-dn32u

improper access control

remote attacker

data reading

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.8 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

36.0%

JSON

LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.

CPENameOperatorVersion
ls-electric:xbc-dn32u_firmwarels-electric xbc-dn32u firmwareeq01.80

CPE	Name	Operator	Version
ls-electric:xbc-dn32u_firmware	ls-electric xbc-dn32u firmware	eq	01.80

References

www.cisa.gov/uscert/ics/advisories/icsa-23-040-02

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

4.8 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

36.0%

JSON

Related for CVE-2023-22805

cvelist1 cnvd1 prion1 ics1