Vulnerability-Lookup

FKIE_CVE-2023-45317

Vulnerability from fkie_nvd - Published: 2023-10-26 17:15 - Updated: 2024-11-21 08:26

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

References

URL	Tags
ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08	Third Party Advisory, US Government Resource
ics-cert@hq.dhs.gov	https://www.sielco.org/en/contacts	Product
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.sielco.org/en/contacts	Product

Impacted products

Vendor	Product	Version
sielco	analog_fm_transmitter_exc5000gx_firmware	-
sielco	analog_fm_transmitter_exc5000gx	2.12
sielco	analog_fm_transmitter_exc120gx_firmware	-
sielco	analog_fm_transmitter_exc120gx	2.12
sielco	analog_fm_transmitter_exc300gx_firmware	-
sielco	analog_fm_transmitter_exc300gx	2.11
sielco	analog_fm_transmitter_exc1600gx_firmware	-
sielco	analog_fm_transmitter_exc1600gx	2.10
sielco	analog_fm_transmitter_exc2000gx_firmware	-
sielco	analog_fm_transmitter_exc2000gx	2.10
sielco	analog_fm_transmitter_exc1600gx_firmware	-
sielco	analog_fm_transmitter_exc1600gx	2.08
sielco	analog_fm_transmitter_exc1000gx_firmware	-
sielco	analog_fm_transmitter_exc1000gx	2.08
sielco	analog_fm_transmitter_exc3000gx_firmware	-
sielco	analog_fm_transmitter_exc3000gx	2.07
sielco	analog_fm_transmitter_exc5000gx_firmware	-
sielco	analog_fm_transmitter_exc5000gx	2.06
sielco	analog_fm_transmitter_exc30gt_firmware	-
sielco	analog_fm_transmitter_exc30gt	1.7.7
sielco	analog_fm_transmitter_exc300gt_firmware	-
sielco	analog_fm_transmitter_exc300gt	1.7.4
sielco	analog_fm_transmitter_exc100gt_firmware	-
sielco	analog_fm_transmitter_exc100gt	1.7.4
sielco	analog_fm_transmitter_exc5000gt_firmware	-
sielco	analog_fm_transmitter_exc5000gt	1.7.4
sielco	analog_fm_transmitter_exc1000gt_firmware	-
sielco	analog_fm_transmitter_exc1000gt	1.6.3
sielco	analog_fm_transmitter_exc120gt_firmware	-
sielco	analog_fm_transmitter_exc120gt	1.5.4
sielco	radio_link_rtx19_firmware	-
sielco	radio_link_rtx19	2.06
sielco	radio_link_rtx19_firmware	-
sielco	radio_link_rtx19	2.05
sielco	radio_link_exc19_firmware	-
sielco	radio_link_exc19	2.00
sielco	radio_link_rtx19_firmware	-
sielco	radio_link_rtx19	1.60
sielco	radio_link_rtx19_firmware	-
sielco	radio_link_rtx19	1.59
sielco	radio_link_exc19_firmware	-
sielco	radio_link_exc19	1.55

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "88E56078-45E6-40B6-AD56-754417AA612D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27380E3-5787-4C7F-96AE-E834040EA173",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc120gx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C80C4E0-99B6-4613-8177-16F48262D5A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc120gx:2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1C02CE8-16FD-4806-8D63-BA9FDAC1F71A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc300gx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67169423-AF07-472D-A6AC-824C984CCF1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc300gx:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "11F2CB0B-24EF-4936-9C66-D0AD36C9A7E8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2441008F-E40A-444B-8ECA-1EADE30BD10A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "427F22A9-A765-406D-B69F-EAC2F6135D39",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc2000gx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA6B6755-024E-415E-AFED-3D400EF1AF4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc2000gx:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "19520B42-0049-4CE7-9EE0-B42235868837",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2441008F-E40A-444B-8ECA-1EADE30BD10A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "D48F458B-DF3C-4BD8-9B2F-3C1912A46A1D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2AC526C-AC1D-4B86-8DA8-7FDC5EE048AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gx:2.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC90D2A-2A31-47DF-9417-03CA14537DC8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc3000gx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAEA126-26DC-46D4-B2DC-9D654E40AE69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc3000gx:2.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "03644DDC-CA02-40B3-88B9-CF7A0652B6C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "88E56078-45E6-40B6-AD56-754417AA612D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70C0CCF-B3FC-4C4E-8452-06332F7C6531",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc30gt_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1422AD55-64A5-449C-8DC9-D3A0F94CF88B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc30gt:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C89B2915-7248-473D-82DB-987CBB27C88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc300gt_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "225AF1A9-BAFD-4282-87FD-01DC3B4F7F2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc300gt:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A44224EB-5D1B-4384-BE01-1D5F9BE04F0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc100gt_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20109CEA-108E-4FEE-83C1-7FF47A33B8C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc100gt:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F852823F-D669-4A3D-9FA1-5A9BA85949D6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gt_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2700ACAC-39AA-43D4-BDCA-F97FF223AB7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gt:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB21956-92FB-4837-A173-904152486545",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gt_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F88C8279-347E-4179-9429-B54A3EADDF92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gt:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1443832-3C4E-4795-B333-BFE877755D57",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc120gt_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C76D25F5-5B8F-4560-96E2-7D6922BCBF72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc120gt:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D319A987-73D1-401A-9A23-F207DBC6E3B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:radio_link_rtx19:2.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E32597B-BFDA-40BA-B8BA-889AC1F695B1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:radio_link_rtx19:2.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ECF7A90-EBF5-47B9-8BB0-F37B6D7A963A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234A6FEA-8292-48A5-8C60-2A8976E4740F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:radio_link_exc19:2.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF0512B-EE6F-496F-A561-2B5F94AB0670",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:radio_link_rtx19:1.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "65490A2B-74B0-455B-BBD4-8143939BC5CA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:radio_link_rtx19:1.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4D0FD7-079E-4781-AA84-9528528B29A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "234A6FEA-8292-48A5-8C60-2A8976E4740F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sielco:radio_link_exc19:1.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6442DD6-095D-47BF-BBA6-0634C20D62D4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
    },
    {
      "lang": "es",
      "value": "La interfaz de la aplicaci\u00f3n permite a los usuarios realizar ciertas acciones a trav\u00e9s de solicitudes HTTP sin realizar ninguna verificaci\u00f3n de validez para verificar las solicitudes. Esto se puede aprovechar para realizar determinadas acciones con privilegios administrativos si un usuario que ha iniciado sesi\u00f3n visita un sitio web malicioso."
    }
  ],
  "id": "CVE-2023-45317",
  "lastModified": "2024-11-21T08:26:44.037",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-26T17:15:09.177",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Product"
      ],
      "url": "https://www.sielco.org/en/contacts"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.sielco.org/en/contacts"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-45317 (GCVE-0-2023-45317)

Vulnerability from cvelistv5 – Published: 2023-10-26 16:17 – Updated: 2025-01-16 21:28

Title

Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery

Summary

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-352 - Cross-Site Request Forgery

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/i…
	https://www.sielco.org/en/contacts

Impacted products

Vendor

Product

Version

Sielco

Analog FM transmitter

Affected: 2.12 (EXC5000GX)
Affected: 2.12 (EXC120GX)
Affected: 2.11 (EXC300GX)
Affected: 2.10 (EXC1600GX)
Affected: 2.10 (EXC2000GX)
Affected: 2.08 (EXC1600GX)
Affected: 2.08 (EXC1000GX)
Affected: 2.07 (EXC3000GX)
Affected: 2.06 (EXC5000GX)
Affected: 1.7.7 (EXC30GT)
Affected: 1.7.4 (EXC300GT)
Affected: 1.7.4 (EXC100GT)
Affected: 1.7.4 (EXC5000GT)
Affected: 1.6.3 (EXC1000GT)
Affected: 1.5.4 (EXC120GT)

Sielco

Radio Link

Affected: 2.06 (RTX19)
Affected: 2.05 (RTX19)
Affected: 2.00 (EXC19)
Affected: 1.60 (RTX19)
Affected: 1.59 (RTX19)
Affected: 1.55 (EXC19)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:15.390Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sielco.org/en/contacts"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45317",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T21:20:07.199578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:28:15.955Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Analog FM transmitter",
          "vendor": "Sielco",
          "versions": [
            {
              "status": "affected",
              "version": "2.12 (EXC5000GX)"
            },
            {
              "status": "affected",
              "version": "2.12 (EXC120GX)"
            },
            {
              "status": "affected",
              "version": "2.11 (EXC300GX)"
            },
            {
              "status": "affected",
              "version": "2.10 (EXC1600GX)"
            },
            {
              "status": "affected",
              "version": "2.10 (EXC2000GX)"
            },
            {
              "status": "affected",
              "version": "2.08 (EXC1600GX)"
            },
            {
              "status": "affected",
              "version": "2.08 (EXC1000GX)"
            },
            {
              "status": "affected",
              "version": "2.07 (EXC3000GX)"
            },
            {
              "status": "affected",
              "version": "2.06 (EXC5000GX)"
            },
            {
              "status": "affected",
              "version": "1.7.7 (EXC30GT)"
            },
            {
              "status": "affected",
              "version": "1.7.4 (EXC300GT)"
            },
            {
              "status": "affected",
              "version": "1.7.4 (EXC100GT)"
            },
            {
              "status": "affected",
              "version": "1.7.4 (EXC5000GT)"
            },
            {
              "status": "affected",
              "version": "1.6.3 (EXC1000GT)"
            },
            {
              "status": "affected",
              "version": "1.5.4 (EXC120GT)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Radio Link",
          "vendor": "Sielco ",
          "versions": [
            {
              "status": "affected",
              "version": "2.06 (RTX19)"
            },
            {
              "status": "affected",
              "version": "2.05 (RTX19)"
            },
            {
              "status": "affected",
              "version": "2.00 (EXC19)"
            },
            {
              "status": "affected",
              "version": "1.60 (RTX19)"
            },
            {
              "status": "affected",
              "version": "1.59 (RTX19)"
            },
            {
              "status": "affected",
              "version": "1.55 (EXC19)"
            }
          ]
        }
      ],
      "datePublic": "2023-10-26T16:02:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
            }
          ],
          "value": "\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-26T16:17:37.365Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
        },
        {
          "url": "https://www.sielco.org/en/contacts"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-45317",
    "datePublished": "2023-10-26T16:17:37.365Z",
    "dateReserved": "2023-10-25T15:23:55.532Z",
    "dateUpdated": "2025-01-16T21:28:15.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2023-45317

CVE-2023-45317 (GCVE-0-2023-45317)

Tags

Sightings

Nomenclature