← Back

Snap Pac S1 Firmware

snap_pac_s1_firmware

Vendor: Opto22 • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-40710
1Opto22
1Snap Pac S1 Firmware
Nov 21, 2024
Aug 24, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server com...Show more
An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3bShow less
CVE-2023-40709
1Opto22
1Snap Pac S1 Firmware
Nov 21, 2024
Aug 24, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for...Show more
An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3bShow less
CVE-2023-40708
1Opto22
1Snap Pac S1 Firmware
Nov 21, 2024
Aug 24, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files.
CVE-2023-40707
1Opto22
1Snap Pac S1 Firmware
Nov 21, 2024
Aug 24, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credenti...Show more
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.Show less
CVE-2023-40706
1Opto22
1Snap Pac S1 Firmware
Nov 21, 2024
Aug 24, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login.