Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for Storage Box V2 by SENEC
CVE-2023-39171 (GCVE-0-2023-39171)
Vulnerability from cvelistv5 – Published: 2023-12-07 14:23 – Updated: 2025-11-04 19:17
VLAI
Title
SENEC Storage Box V1,V2 and V3 accidentially expose a management interface
Summary
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.
Severity
7.2 (High)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SENEC | Storage Box V1 |
Affected:
before Nov. 2023
|
|
| SENEC | Storage Box V2 |
Affected:
before Nov. 2023
|
|
| SENEC | Storage Box V3 |
Affected:
before Nov. 2023
|
Date Public
2023-12-07 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:17:39.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Nov/2"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Box V1",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V2",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V3",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ph0s[4]"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R0ckE7"
}
],
"datePublic": "2023-12-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials."
}
],
"value": "SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T14:23:57.124Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/2"
}
],
"source": {
"defect": [
"CERT@VDE#64567"
],
"discovery": "UNKNOWN"
},
"title": "SENEC Storage Box V1,V2 and V3 accidentially expose a management interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-39171",
"datePublished": "2023-12-07T14:23:57.124Z",
"dateReserved": "2023-07-25T14:06:01.345Z",
"dateUpdated": "2025-11-04T19:17:39.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39169 (GCVE-0-2023-39169)
Vulnerability from cvelistv5 – Published: 2023-12-07 14:14 – Updated: 2025-11-04 19:17
VLAI
Title
SENEC: Storage Box V1,V2 and V3 using default credentials
Summary
The affected devices use publicly available default credentials with administrative privileges.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SENEC | Storage Box V1 |
Affected:
before Nov. 2023
|
|
| SENEC | Storage Box V2 |
Affected:
before Nov. 2023
|
|
| SENEC | Storage Box V3 |
Affected:
before Nov. 2023
|
Date Public
2023-12-07 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:17:37.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Nov/3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39169",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-11T16:28:14.264376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T14:41:44.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Box V1",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V2",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V3",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ph0s[4]"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R0ckE7"
}
],
"datePublic": "2023-12-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected devices use publicly available default credentials with administrative privileges."
}
],
"value": "The affected devices use publicly available default credentials with administrative privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:37:14.233Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/3"
}
],
"source": {
"defect": [
"CERT@VDE#64567"
],
"discovery": "UNKNOWN"
},
"title": "SENEC: Storage Box V1,V2 and V3 using default credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-39169",
"datePublished": "2023-12-07T14:14:43.336Z",
"dateReserved": "2023-07-25T14:06:01.344Z",
"dateUpdated": "2025-11-04T19:17:37.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39167 (GCVE-0-2023-39167)
Vulnerability from cvelistv5 – Published: 2023-12-07 14:05 – Updated: 2025-11-04 19:17
VLAI
Title
SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability
Summary
In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data.
Severity
7.5 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SENEC | Storage Box V1 |
Affected:
all (until 19.06.2023)
|
|
| SENEC | Storage Box V2 |
Affected:
all (until 19.06.2023)
|
|
| SENEC | Storage Box V3 |
Affected:
all (until 19.06.2023)
|
Date Public
2023-12-07 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:17:34.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Nov/5"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Box V1",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "all (until 19.06.2023)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V2",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "all (until 19.06.2023)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V3",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "all (until 19.06.2023)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ph0s[4]"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R0ckE7"
}
],
"datePublic": "2023-12-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In\u0026nbsp;SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices\u0027 logfiles that contain sensitive data."
}
],
"value": "In\u00a0SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices\u0027 logfiles that contain sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:35:53.018Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/5"
}
],
"source": {
"defect": [
"CERT@VDE#64567"
],
"discovery": "EXTERNAL"
},
"title": "SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-39167",
"datePublished": "2023-12-07T14:05:01.746Z",
"dateReserved": "2023-07-25T14:06:01.343Z",
"dateUpdated": "2025-11-04T19:17:34.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39172 (GCVE-0-2023-39172)
Vulnerability from cvelistv5 – Published: 2023-12-07 13:58 – Updated: 2025-11-04 19:17
VLAI
Title
SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted
Summary
The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic.
Severity
9.1 (Critical)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SENEC | Storage Box V1 |
Affected:
V1
|
|
| SENEC | Storage Box V2 |
Affected:
V2
|
|
| SENEC | Storage Box V3 |
Affected:
V3
|
Date Public
2023-12-07 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:17:41.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Nov/4"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Box V1",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "V1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V2",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "V2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V3",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "V3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ph0s[4]"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R0ckE7"
}
],
"datePublic": "2023-12-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic."
}
],
"value": "The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T14:00:24.457Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/4"
}
],
"source": {
"defect": [
"CERT@VDE#64567"
],
"discovery": "UNKNOWN"
},
"title": "SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-39172",
"datePublished": "2023-12-07T13:58:56.198Z",
"dateReserved": "2023-07-25T14:06:01.345Z",
"dateUpdated": "2025-11-04T19:17:41.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39171 (GCVE-0-2023-39171)
Vulnerability from nvd – Published: 2023-12-07 14:23 – Updated: 2025-11-04 19:17
VLAI
Title
SENEC Storage Box V1,V2 and V3 accidentially expose a management interface
Summary
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.
Severity
7.2 (High)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SENEC | Storage Box V1 |
Affected:
before Nov. 2023
|
|
| SENEC | Storage Box V2 |
Affected:
before Nov. 2023
|
|
| SENEC | Storage Box V3 |
Affected:
before Nov. 2023
|
Date Public
2023-12-07 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:17:39.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Nov/2"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Box V1",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V2",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V3",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ph0s[4]"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R0ckE7"
}
],
"datePublic": "2023-12-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials."
}
],
"value": "SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T14:23:57.124Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/2"
}
],
"source": {
"defect": [
"CERT@VDE#64567"
],
"discovery": "UNKNOWN"
},
"title": "SENEC Storage Box V1,V2 and V3 accidentially expose a management interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-39171",
"datePublished": "2023-12-07T14:23:57.124Z",
"dateReserved": "2023-07-25T14:06:01.345Z",
"dateUpdated": "2025-11-04T19:17:39.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39169 (GCVE-0-2023-39169)
Vulnerability from nvd – Published: 2023-12-07 14:14 – Updated: 2025-11-04 19:17
VLAI
Title
SENEC: Storage Box V1,V2 and V3 using default credentials
Summary
The affected devices use publicly available default credentials with administrative privileges.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SENEC | Storage Box V1 |
Affected:
before Nov. 2023
|
|
| SENEC | Storage Box V2 |
Affected:
before Nov. 2023
|
|
| SENEC | Storage Box V3 |
Affected:
before Nov. 2023
|
Date Public
2023-12-07 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:17:37.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Nov/3"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39169",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-11T16:28:14.264376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T14:41:44.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Box V1",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V2",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V3",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "before Nov. 2023"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ph0s[4]"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R0ckE7"
}
],
"datePublic": "2023-12-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected devices use publicly available default credentials with administrative privileges."
}
],
"value": "The affected devices use publicly available default credentials with administrative privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:37:14.233Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/3"
}
],
"source": {
"defect": [
"CERT@VDE#64567"
],
"discovery": "UNKNOWN"
},
"title": "SENEC: Storage Box V1,V2 and V3 using default credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-39169",
"datePublished": "2023-12-07T14:14:43.336Z",
"dateReserved": "2023-07-25T14:06:01.344Z",
"dateUpdated": "2025-11-04T19:17:37.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39167 (GCVE-0-2023-39167)
Vulnerability from nvd – Published: 2023-12-07 14:05 – Updated: 2025-11-04 19:17
VLAI
Title
SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability
Summary
In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data.
Severity
7.5 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SENEC | Storage Box V1 |
Affected:
all (until 19.06.2023)
|
|
| SENEC | Storage Box V2 |
Affected:
all (until 19.06.2023)
|
|
| SENEC | Storage Box V3 |
Affected:
all (until 19.06.2023)
|
Date Public
2023-12-07 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:17:34.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Nov/5"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Box V1",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "all (until 19.06.2023)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V2",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "all (until 19.06.2023)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V3",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "all (until 19.06.2023)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ph0s[4]"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R0ckE7"
}
],
"datePublic": "2023-12-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In\u0026nbsp;SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices\u0027 logfiles that contain sensitive data."
}
],
"value": "In\u00a0SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices\u0027 logfiles that contain sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:35:53.018Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/5"
}
],
"source": {
"defect": [
"CERT@VDE#64567"
],
"discovery": "EXTERNAL"
},
"title": "SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-39167",
"datePublished": "2023-12-07T14:05:01.746Z",
"dateReserved": "2023-07-25T14:06:01.343Z",
"dateUpdated": "2025-11-04T19:17:34.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39172 (GCVE-0-2023-39172)
Vulnerability from nvd – Published: 2023-12-07 13:58 – Updated: 2025-11-04 19:17
VLAI
Title
SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted
Summary
The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic.
Severity
9.1 (Critical)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SENEC | Storage Box V1 |
Affected:
V1
|
|
| SENEC | Storage Box V2 |
Affected:
V2
|
|
| SENEC | Storage Box V3 |
Affected:
V3
|
Date Public
2023-12-07 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:17:41.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Nov/4"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Box V1",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "V1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V2",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "V2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Storage Box V3",
"vendor": "SENEC",
"versions": [
{
"status": "affected",
"version": "V3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ph0s[4]"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R0ckE7"
}
],
"datePublic": "2023-12-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic."
}
],
"value": "The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T14:00:24.457Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/4"
}
],
"source": {
"defect": [
"CERT@VDE#64567"
],
"discovery": "UNKNOWN"
},
"title": "SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-39172",
"datePublished": "2023-12-07T13:58:56.198Z",
"dateReserved": "2023-07-25T14:06:01.345Z",
"dateUpdated": "2025-11-04T19:17:41.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}