All the vulnerabilites related to Atlas Copco - Power Focus
cve-2023-1897
Vulnerability from cvelistv5
Published
2023-06-12 19:18
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
CVE-2023-1897
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Atlas Copco | Power Focus |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Power Focus",
"vendor": "Atlas Copco",
"versions": [
{
"status": "affected",
"version": "6000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user\u2019s browser, which could allow an attacker with access to the user\u2019s computer to gain credential information of the controller."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:18:57.026Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-1897",
"x_generator": {
"engine": "VINCE 2.1.2",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1897"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-1897",
"datePublished": "2023-06-12T19:18:57.026Z",
"dateReserved": "2023-04-05T20:12:40.491Z",
"dateUpdated": "2024-08-02T06:05:26.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1898
Vulnerability from cvelistv5
Published
2023-06-12 19:16
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
CVE-2023-1898
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Atlas Copco | Power Focus |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Power Focus",
"vendor": "Atlas Copco",
"versions": [
{
"status": "affected",
"version": "6000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user\u2019s session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-334 Small Space of Random Values",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:16:40.510Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-1898",
"x_generator": {
"engine": "VINCE 2.1.2",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1898"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-1898",
"datePublished": "2023-06-12T19:16:40.510Z",
"dateReserved": "2023-04-05T20:13:11.974Z",
"dateUpdated": "2024-08-02T06:05:26.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1899
Vulnerability from cvelistv5
Published
2023-06-12 19:13
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
CVE-2023-1899
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Atlas Copco | Power Focus |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Power Focus",
"vendor": "Atlas Copco",
"versions": [
{
"status": "affected",
"version": "6000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:13:51.889Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-1899",
"x_generator": {
"engine": "VINCE 2.1.2",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1899"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-1899",
"datePublished": "2023-06-12T19:13:51.889Z",
"dateReserved": "2023-04-05T20:13:27.814Z",
"dateUpdated": "2024-08-02T06:05:26.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}