Search criteria
11 vulnerabilities by Sielco
CVE-2023-46665 (GCVE-0-2023-46665)
Vulnerability from cvelistv5 – Published: 2023-10-26 20:08 – Updated: 2025-01-16 21:26
VLAI?
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.
Severity ?
9.8 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
Gjoko Krstic
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:24.780289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:26:57.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\u003c/p\u003e\u003cbr\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:08:22.908Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46665",
"datePublished": "2023-10-26T20:08:22.908Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:26:57.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46664 (GCVE-0-2023-46664)
Vulnerability from cvelistv5 – Published: 2023-10-26 20:04 – Updated: 2025-01-16 21:27
VLAI?
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
Gjoko Krstic
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:36.232976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:05.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:04:33.638Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46664",
"datePublished": "2023-10-26T20:04:33.638Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:27:05.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46663 (GCVE-0-2023-46663)
Vulnerability from cvelistv5 – Published: 2023-10-26 20:02 – Updated: 2025-01-16 21:27
VLAI?
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
Gjoko Krstic
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:39.161131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:13.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\u003c/p\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:02:24.004Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46663",
"datePublished": "2023-10-26T20:02:24.004Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:27:13.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46662 (GCVE-0-2023-46662)
Vulnerability from cvelistv5 – Published: 2023-10-26 20:00 – Updated: 2025-01-16 21:27
VLAI?
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
Gjoko Krstic
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:42.009994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:22.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:00:05.085Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46662",
"datePublished": "2023-10-26T20:00:05.085Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:27:22.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46661 (GCVE-0-2023-46661)
Vulnerability from cvelistv5 – Published: 2023-10-26 19:57 – Updated: 2025-01-16 21:27
VLAI?
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
Severity ?
9.8 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
Gjoko Krstic
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:27.511840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:31.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T19:57:12.046Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46661",
"datePublished": "2023-10-26T19:57:12.046Z",
"dateReserved": "2023-10-24T16:27:17.281Z",
"dateUpdated": "2025-01-16T21:27:31.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5754 (GCVE-0-2023-5754)
Vulnerability from cvelistv5 – Published: 2023-10-26 19:47 – Updated: 2025-01-16 21:27
VLAI?
Title
Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000
Summary
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
Severity ?
9.1 (Critical)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
Gjoko Krstic
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:31.175439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:38.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T19:47:06.226Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5754",
"datePublished": "2023-10-26T19:47:06.226Z",
"dateReserved": "2023-10-24T16:24:16.565Z",
"dateUpdated": "2025-01-16T21:27:38.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0897 (GCVE-0-2023-0897)
Vulnerability from cvelistv5 – Published: 2023-10-26 19:44 – Updated: 2025-01-16 21:27
VLAI?
Title
Session FIxation in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
Severity ?
8.8 (High)
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
Gjoko Krstic
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:00.626921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:45.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T19:44:01.703Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Session FIxation in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0897",
"datePublished": "2023-10-26T19:44:01.703Z",
"dateReserved": "2023-02-17T21:23:31.932Z",
"dateUpdated": "2025-01-16T21:27:45.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41966 (GCVE-0-2023-41966)
Vulnerability from cvelistv5 – Published: 2023-10-26 16:21 – Updated: 2025-01-16 21:28
VLAI?
Title
Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions
Summary
The application suffers from a privilege escalation vulnerability. A
user with read permissions can elevate privileges by sending a HTTP POST
to set a parameter.
Severity ?
6.5 (Medium)
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sielco | Analog FM transmitter |
Affected:
2.12 (EXC5000GX)
Affected: 2.12 (EXC120GX) Affected: 2.11 (EXC300GX) Affected: 2.10 (EXC1600GX) Affected: 2.10 (EXC2000GX) Affected: 2.08 (EXC1600GX) Affected: 2.08 (EXC1000GX) Affected: 2.07 (EXC3000GX) Affected: 2.06 (EXC5000GX) Affected: 1.7.7 (EXC30GT) Affected: 1.7.4 (EXC300GT) Affected: 1.7.4 (EXC100GT) Affected: 1.7.4 (EXC5000GT) Affected: 1.6.3 (EXC1000GT) Affected: 1.5.4 (EXC120GT) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sielco.org/en/contacts"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:18:51.607180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:02.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Analog FM transmitter",
"vendor": "Sielco",
"versions": [
{
"status": "affected",
"version": "2.12 (EXC5000GX)"
},
{
"status": "affected",
"version": "2.12 (EXC120GX)"
},
{
"status": "affected",
"version": "2.11 (EXC300GX)"
},
{
"status": "affected",
"version": "2.10 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.10 (EXC2000GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1000GX)"
},
{
"status": "affected",
"version": "2.07 (EXC3000GX)"
},
{
"status": "affected",
"version": "2.06 (EXC5000GX)"
},
{
"status": "affected",
"version": "1.7.7 (EXC30GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC300GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC100GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC5000GT)"
},
{
"status": "affected",
"version": "1.6.3 (EXC1000GT)"
},
{
"status": "affected",
"version": "1.5.4 (EXC120GT)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Radio Link",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "2.06 (RTX19)"
},
{
"status": "affected",
"version": "2.05 (RTX19)"
},
{
"status": "affected",
"version": "2.00 (EXC19)"
},
{
"status": "affected",
"version": "1.60 (RTX19)"
},
{
"status": "affected",
"version": "1.59 (RTX19)"
},
{
"status": "affected",
"version": "1.55 (EXC19)"
}
]
}
],
"datePublic": "2023-10-26T16:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T16:21:56.412Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"url": "https://www.sielco.org/en/contacts"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-41966",
"datePublished": "2023-10-26T16:21:56.412Z",
"dateReserved": "2023-10-25T15:23:55.519Z",
"dateUpdated": "2025-01-16T21:28:02.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45228 (GCVE-0-2023-45228)
Vulnerability from cvelistv5 – Published: 2023-10-26 16:19 – Updated: 2025-01-16 21:28
VLAI?
Title
Sielco Radio Link and Analog FM Transmitters Improper Access Control
Summary
The application suffers from improper access control when editing users.
A user with read permissions can manipulate users, passwords, and
permissions by sending a single HTTP POST request with modified
parameters.
Severity ?
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sielco | Analog FM transmitter |
Affected:
2.12 (EXC5000GX)
Affected: 2.12 (EXC120GX) Affected: 2.11 (EXC300GX) Affected: 2.10 (EXC1600GX) Affected: 2.10 (EXC2000GX) Affected: 2.08 (EXC1600GX) Affected: 2.08 (EXC1000GX) Affected: 2.07 (EXC3000GX) Affected: 2.06 (EXC5000GX) Affected: 1.7.7 (EXC30GT) Affected: 1.7.4 (EXC300GT) Affected: 1.7.4 (EXC100GT) Affected: 1.7.4 (EXC5000GT) Affected: 1.6.3 (EXC1000GT) Affected: 1.5.4 (EXC120GT) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sielco.org/en/contacts"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:18:55.827236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:09.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Analog FM transmitter",
"vendor": "Sielco",
"versions": [
{
"status": "affected",
"version": "2.12 (EXC5000GX)"
},
{
"status": "affected",
"version": "2.12 (EXC120GX)"
},
{
"status": "affected",
"version": "2.11 (EXC300GX)"
},
{
"status": "affected",
"version": "2.10 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.10 (EXC2000GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1000GX)"
},
{
"status": "affected",
"version": "2.07 (EXC3000GX)"
},
{
"status": "affected",
"version": "2.06 (EXC5000GX)"
},
{
"status": "affected",
"version": "1.7.7 (EXC30GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC300GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC100GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC5000GT)"
},
{
"status": "affected",
"version": "1.6.3 (EXC1000GT)"
},
{
"status": "affected",
"version": "1.5.4 (EXC120GT)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Radio Link",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "2.06 (RTX19)"
},
{
"status": "affected",
"version": "2.05 (RTX19)"
},
{
"status": "affected",
"version": "2.00 (EXC19)"
},
{
"status": "affected",
"version": "1.60 (RTX19)"
},
{
"status": "affected",
"version": "1.59 (RTX19)"
},
{
"status": "affected",
"version": "1.55 (EXC19)"
}
]
}
],
"datePublic": "2023-10-26T16:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
}
],
"value": "\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T16:19:41.642Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"url": "https://www.sielco.org/en/contacts"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sielco Radio Link and Analog FM Transmitters Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-45228",
"datePublished": "2023-10-26T16:19:41.642Z",
"dateReserved": "2023-10-25T15:23:55.527Z",
"dateUpdated": "2025-01-16T21:28:09.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45317 (GCVE-0-2023-45317)
Vulnerability from cvelistv5 – Published: 2023-10-26 16:17 – Updated: 2025-01-16 21:28
VLAI?
Title
Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery
Summary
The application interface allows users to perform certain actions via
HTTP requests without performing any validity checks to verify the
requests. This can be exploited to perform certain actions with
administrative privileges if a logged-in user visits a malicious web
site.
Severity ?
8.8 (High)
CWE
- CWE-352 - Cross-Site Request Forgery
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sielco | Analog FM transmitter |
Affected:
2.12 (EXC5000GX)
Affected: 2.12 (EXC120GX) Affected: 2.11 (EXC300GX) Affected: 2.10 (EXC1600GX) Affected: 2.10 (EXC2000GX) Affected: 2.08 (EXC1600GX) Affected: 2.08 (EXC1000GX) Affected: 2.07 (EXC3000GX) Affected: 2.06 (EXC5000GX) Affected: 1.7.7 (EXC30GT) Affected: 1.7.4 (EXC300GT) Affected: 1.7.4 (EXC100GT) Affected: 1.7.4 (EXC5000GT) Affected: 1.6.3 (EXC1000GT) Affected: 1.5.4 (EXC120GT) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sielco.org/en/contacts"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:07.199578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:15.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Analog FM transmitter",
"vendor": "Sielco",
"versions": [
{
"status": "affected",
"version": "2.12 (EXC5000GX)"
},
{
"status": "affected",
"version": "2.12 (EXC120GX)"
},
{
"status": "affected",
"version": "2.11 (EXC300GX)"
},
{
"status": "affected",
"version": "2.10 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.10 (EXC2000GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1000GX)"
},
{
"status": "affected",
"version": "2.07 (EXC3000GX)"
},
{
"status": "affected",
"version": "2.06 (EXC5000GX)"
},
{
"status": "affected",
"version": "1.7.7 (EXC30GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC300GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC100GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC5000GT)"
},
{
"status": "affected",
"version": "1.6.3 (EXC1000GT)"
},
{
"status": "affected",
"version": "1.5.4 (EXC120GT)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Radio Link",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "2.06 (RTX19)"
},
{
"status": "affected",
"version": "2.05 (RTX19)"
},
{
"status": "affected",
"version": "2.00 (EXC19)"
},
{
"status": "affected",
"version": "1.60 (RTX19)"
},
{
"status": "affected",
"version": "1.59 (RTX19)"
},
{
"status": "affected",
"version": "1.55 (EXC19)"
}
]
}
],
"datePublic": "2023-10-26T16:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
}
],
"value": "\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T16:17:37.365Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"url": "https://www.sielco.org/en/contacts"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-45317",
"datePublished": "2023-10-26T16:17:37.365Z",
"dateReserved": "2023-10-25T15:23:55.532Z",
"dateUpdated": "2025-01-16T21:28:15.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42769 (GCVE-0-2023-42769)
Vulnerability from cvelistv5 – Published: 2023-10-26 16:15 – Updated: 2025-01-16 21:28
VLAI?
Title
Sielco Radio Link and Analog FM Transmitters Improper Access Control
Summary
The cookie session ID is of insufficient length and can be exploited by
brute force, which may allow a remote attacker to obtain a valid
session, bypass authentication, and manipulate the transmitter.
Severity ?
9.8 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sielco | Analog FM transmitter |
Affected:
2.12 (EXC5000GX)
Affected: 2.12 (EXC120GX) Affected: 2.11 (EXC300GX) Affected: 2.10 (EXC1600GX) Affected: 2.10 (EXC2000GX) Affected: 2.08 (EXC1600GX) Affected: 2.08 (EXC1000GX) Affected: 2.07 (EXC3000GX) Affected: 2.06 (EXC5000GX) Affected: 1.7.7 (EXC30GT) Affected: 1.7.4 (EXC300GT) Affected: 1.7.4 (EXC100GT) Affected: 1.7.4 (EXC5000GT) Affected: 1.6.3 (EXC1000GT) Affected: 1.5.4 (EXC120GT) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sielco.org/en/contacts"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:35.040144Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:22.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Analog FM transmitter",
"vendor": "Sielco",
"versions": [
{
"status": "affected",
"version": "2.12 (EXC5000GX)"
},
{
"status": "affected",
"version": "2.12 (EXC120GX)"
},
{
"status": "affected",
"version": "2.11 (EXC300GX)"
},
{
"status": "affected",
"version": "2.10 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.10 (EXC2000GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1000GX)"
},
{
"status": "affected",
"version": "2.07 (EXC3000GX)"
},
{
"status": "affected",
"version": "2.06 (EXC5000GX)"
},
{
"status": "affected",
"version": "1.7.7 (EXC30GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC300GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC100GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC5000GT)"
},
{
"status": "affected",
"version": "1.6.3 (EXC1000GT)"
},
{
"status": "affected",
"version": "1.5.4 (EXC120GT)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Radio Link",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "2.06 (RTX19)"
},
{
"status": "affected",
"version": "2.05 (RTX19)"
},
{
"status": "affected",
"version": "2.00 (EXC19)"
},
{
"status": "affected",
"version": "1.60 (RTX19)"
},
{
"status": "affected",
"version": "1.59 (RTX19)"
},
{
"status": "affected",
"version": "1.55 (EXC19)"
}
]
}
],
"datePublic": "2023-10-26T16:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nThe cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"
}
],
"value": "The cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T16:15:17.707Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"url": "https://www.sielco.org/en/contacts"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sielco Radio Link and Analog FM Transmitters Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-42769",
"datePublished": "2023-10-26T16:15:17.707Z",
"dateReserved": "2023-10-25T15:23:55.536Z",
"dateUpdated": "2025-01-16T21:28:22.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}