Efacec

efacec

6 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Uc 500e Firmware

uc_500e_firmware

Bcu 500 Firmware

bcu_500_firmware

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-6689 1Efacec 1Bcu 500 Firmware Nov 21, 2024 Dec 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application.
CVE-2023-50707 1Efacec 1Bcu 500 Firmware Nov 21, 2024 Dec 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device.
CVE-2023-50706 1Efacec 1Uc 500e Firmware Nov 21, 2024 Dec 20, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.
CVE-2023-50705 1Efacec 1Uc 500e Firmware Nov 21, 2024 Dec 20, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An attacker could create malicious requests to obtain sensitive information about the web server.
CVE-2023-50704 1Efacec 1Uc 500e Firmware Nov 21, 2024 Dec 20, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users.
CVE-2023-50703 1Efacec 1Uc 500e Firmware Nov 21, 2024 Dec 20, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application.