Search criteria
3 vulnerabilities by IOSiX
CVE-2024-28878 (GCVE-0-2024-28878)
Vulnerability from cvelistv5 – Published: 2024-04-12 15:21 – Updated: 2024-08-26 18:42
VLAI
Title
IOSIX IO-1020 Micro ELD Download of Code Without Integrity Check
Summary
IO-1020 Micro ELD downloads source code or an executable from an
adjacent location and executes the code without sufficiently verifying
the origin or integrity of the code.
Severity
9.6 (Critical)
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IOSiX | IO-1020 Micro ELD |
Affected:
0 , ≤ 360
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:50.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iosix:io-1020_micro_eld:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "io-1020_micro_eld",
"vendor": "iosix",
"versions": [
{
"lessThan": "360",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T20:04:29.238909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T18:42:52.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IO-1020 Micro ELD",
"vendor": "IOSiX",
"versions": [
{
"lessThanOrEqual": "360",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jake Jepson of Colorado State University reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nIO-1020 Micro ELD downloads source code or an executable from an \nadjacent location and executes the code without sufficiently verifying \nthe origin or integrity of the code.\n\n"
}
],
"value": "\nIO-1020 Micro ELD downloads source code or an executable from an \nadjacent location and executes the code without sufficiently verifying \nthe origin or integrity of the code.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T15:21:10.963Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003eIOSIX recommends users update to 360.\u003c/p\u003e\n\u003cp\u003eFor further support, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www2.iosix.com/support-2/\"\u003eIOSiX\u003c/a\u003e.\n\n\u003c/p\u003e"
}
],
"value": "IOSIX recommends users update to 360.\n\nFor further support, contact IOSiX https://www2.iosix.com/support-2/ .\n\n"
}
],
"source": {
"advisory": "ICSA-24-093-01",
"discovery": "EXTERNAL"
},
"title": "IOSIX IO-1020 Micro ELD Download of Code Without Integrity Check",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-28878",
"datePublished": "2024-04-12T15:21:10.963Z",
"dateReserved": "2024-03-28T18:24:04.627Z",
"dateUpdated": "2024-08-26T18:42:52.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31069 (GCVE-0-2024-31069)
Vulnerability from cvelistv5 – Published: 2024-04-12 15:18 – Updated: 2024-08-02 01:46
VLAI
Title
IOSIX IO-1020 Micro ELD Use of Default Credentials
Summary
IO-1020 Micro ELD web server uses a default password for authentication.
Severity
7.4 (High)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IOSiX | IO-1020 Micro ELD |
Affected:
0 , ≤ 360
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T20:10:19.735101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T20:10:31.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:46:04.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IO-1020 Micro ELD",
"vendor": "IOSiX",
"versions": [
{
"lessThanOrEqual": "360",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jake Jepson of Colorado State University reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nIO-1020 Micro ELD web server uses a default password for authentication.\n\n"
}
],
"value": "IO-1020 Micro ELD web server uses a default password for authentication.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T15:18:39.220Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003eIOSIX recommends users update to 360.\u003c/p\u003e\n\u003cp\u003eFor further support, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www2.iosix.com/support-2/\"\u003eIOSiX\u003c/a\u003e.\n\n\u003c/p\u003e"
}
],
"value": "IOSIX recommends users update to 360.\n\nFor further support, contact IOSiX https://www2.iosix.com/support-2/ .\n\n"
}
],
"source": {
"advisory": "ICSA-24-093-01",
"discovery": "EXTERNAL"
},
"title": "IOSIX IO-1020 Micro ELD Use of Default Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-31069",
"datePublished": "2024-04-12T15:18:39.220Z",
"dateReserved": "2024-03-28T18:24:04.631Z",
"dateUpdated": "2024-08-02T01:46:04.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30210 (GCVE-0-2024-30210)
Vulnerability from cvelistv5 – Published: 2024-04-12 15:16 – Updated: 2024-08-02 01:25
VLAI
Title
IOSIX IO-1020 Micro ELD Use of Default Credentials
Summary
IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.
Severity
7.4 (High)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IOSiX | IO-1020 Micro ELD |
Affected:
0 , ≤ 360
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30210",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T19:55:51.404174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T19:56:01.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:03.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IO-1020 Micro ELD",
"vendor": "IOSiX",
"versions": [
{
"lessThanOrEqual": "360",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jake Jepson of Colorado State University reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nIO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.\n\n"
}
],
"value": "IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T15:16:30.094Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003eIOSIX recommends users update to 360.\u003c/p\u003e\n\u003cp\u003eFor further support, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www2.iosix.com/support-2/\"\u003eIOSiX\u003c/a\u003e.\n\n\u003c/p\u003e"
}
],
"value": "IOSIX recommends users update to 360.\n\nFor further support, contact IOSiX https://www2.iosix.com/support-2/ .\n\n"
}
],
"source": {
"advisory": "ICSA-24-093-01",
"discovery": "EXTERNAL"
},
"title": "IOSIX IO-1020 Micro ELD Use of Default Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-30210",
"datePublished": "2024-04-12T15:16:30.094Z",
"dateReserved": "2024-03-28T18:24:04.620Z",
"dateUpdated": "2024-08-02T01:25:03.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}