CVE-2023-40708

Published: Aug 24, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files.

Affected (1)

Products: Opto22: Snap Pac S1 Firmware

Opto22

1 product

Snap Pac S1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opto22 Snap Pac S1 Firmware	Version r10.3b

Running on/with	Platform Versions
Opto22 Snap Pac S1	All versions

Related CWEs

CWE-1188

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02

Source: ot-cert@dragos.com

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.