CVE-2023-45912

Published: Oct 18, 2023Modified: Jan 9, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings.

Affected (2)

Products: Wipotec: Comscale

Wipotec

1 product

Comscale

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wipotec Comscale	Version 4.3.29.21344
Wipotec Comscale	Version 4.4.12.723

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-45912

Source: cve@mitre.org

https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/file_access.txt

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/file_access.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.