CVE-2023-46663

Published: Oct 26, 2023Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

Affected (9)

Products: Sielco: Polyeco500 Firmware, Polyeco300 Firmware, Polyeco1000 Firmware

3 products

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sielco Polyeco500 Firmware	Version 1.7.0
Sielco Polyeco500 Firmware	Version 10.16

Running on/with	Platform Versions
Sielco Polyeco500	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sielco Polyeco300 Firmware	Version 10.19
Sielco Polyeco300 Firmware	Version 2.0.0
Sielco Polyeco300 Firmware	Version 2.0.2

Running on/with	Platform Versions
Sielco Polyeco300	All versions

Configuration C

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sielco Polyeco1000 Firmware	Version 1.9.3
Sielco Polyeco1000 Firmware	Version 1.9.4
Sielco Polyeco1000 Firmware	Version 10.19
Sielco Polyeco1000 Firmware	Version 2.0.6

Running on/with	Platform Versions
Sielco Polyeco1000	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.