The application suffers from improper access control when editing users.
A user with read permissions can manipulate users, passwords, and
permissions by sending a single HTTP POST request with modified
parameters.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 | Third Party Advisory US Government Resource |
https://www.sielco.org/en/contacts | Product |
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 | Third Party Advisory US Government Resource |
https://www.sielco.org/en/contacts | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
Configuration 20 (hide)
AND |
|
Configuration 21 (hide)
AND |
|
History
21 Nov 2024, 08:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 - Third Party Advisory, US Government Resource | |
References | () https://www.sielco.org/en/contacts - Product |
07 Nov 2023, 19:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:sielco:analog_fm_transmitter_exc120gx_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc120gt_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc300gt_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sielco:radio_link_rtx19:1.59:*:*:*:*:*:*:* cpe:2.3:h:sielco:radio_link_rtx19:2.06:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc30gt:1.7.7:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.06:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc300gx_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sielco:radio_link_exc19:1.55:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc100gt:1.7.4:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc3000gx:2.07:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gt:1.6.3:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gt_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sielco:radio_link_rtx19:1.60:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc2000gx:2.10:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sielco:radio_link_exc19:2.00:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc2000gx_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc3000gx_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc30gt_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.08:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gt:1.7.4:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc120gt:1.5.4:*:*:*:*:*:*:* cpe:2.3:h:sielco:radio_link_rtx19:2.05:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gt_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gx_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gx:2.08:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.10:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.12:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc120gx:2.12:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc300gx:2.11:*:*:*:*:*:*:* cpe:2.3:h:sielco:analog_fm_transmitter_exc300gt:1.7.4:*:*:*:*:*:*:* cpe:2.3:o:sielco:analog_fm_transmitter_exc100gt_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Sielco analog Fm Transmitter Exc5000gx
Sielco analog Fm Transmitter Exc3000gx Sielco radio Link Exc19 Firmware Sielco radio Link Rtx19 Firmware Sielco analog Fm Transmitter Exc3000gx Firmware Sielco analog Fm Transmitter Exc1000gx Firmware Sielco analog Fm Transmitter Exc1600gx Sielco analog Fm Transmitter Exc1000gt Firmware Sielco analog Fm Transmitter Exc2000gx Sielco analog Fm Transmitter Exc100gt Firmware Sielco analog Fm Transmitter Exc300gx Firmware Sielco analog Fm Transmitter Exc120gx Firmware Sielco analog Fm Transmitter Exc120gt Sielco radio Link Exc19 Sielco analog Fm Transmitter Exc5000gt Firmware Sielco analog Fm Transmitter Exc2000gx Firmware Sielco analog Fm Transmitter Exc30gt Firmware Sielco analog Fm Transmitter Exc120gx Sielco analog Fm Transmitter Exc30gt Sielco analog Fm Transmitter Exc100gt Sielco analog Fm Transmitter Exc1600gx Firmware Sielco Sielco analog Fm Transmitter Exc300gt Firmware Sielco analog Fm Transmitter Exc120gt Firmware Sielco analog Fm Transmitter Exc1000gt Sielco analog Fm Transmitter Exc300gx Sielco analog Fm Transmitter Exc300gt Sielco analog Fm Transmitter Exc1000gx Sielco radio Link Rtx19 Sielco analog Fm Transmitter Exc5000gt Sielco analog Fm Transmitter Exc5000gx Firmware |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | (MISC) https://www.sielco.org/en/contacts - Product | |
References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 - Third Party Advisory, US Government Resource |
26 Oct 2023, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-26 17:15
Updated : 2024-11-21 08:26
NVD link : CVE-2023-45228
Mitre link : CVE-2023-45228
CVE.ORG link : CVE-2023-45228
JSON object : View
Products Affected
sielco
- analog_fm_transmitter_exc2000gx_firmware
- analog_fm_transmitter_exc3000gx
- analog_fm_transmitter_exc2000gx
- analog_fm_transmitter_exc1000gx
- analog_fm_transmitter_exc5000gt
- analog_fm_transmitter_exc30gt
- radio_link_rtx19_firmware
- analog_fm_transmitter_exc300gx_firmware
- analog_fm_transmitter_exc300gt_firmware
- analog_fm_transmitter_exc1600gx
- analog_fm_transmitter_exc120gx_firmware
- radio_link_exc19_firmware
- analog_fm_transmitter_exc120gx
- analog_fm_transmitter_exc1000gt
- analog_fm_transmitter_exc5000gx
- analog_fm_transmitter_exc30gt_firmware
- analog_fm_transmitter_exc1600gx_firmware
- analog_fm_transmitter_exc1000gx_firmware
- radio_link_rtx19
- analog_fm_transmitter_exc300gt
- analog_fm_transmitter_exc100gt_firmware
- analog_fm_transmitter_exc5000gx_firmware
- analog_fm_transmitter_exc3000gx_firmware
- analog_fm_transmitter_exc1000gt_firmware
- analog_fm_transmitter_exc120gt
- analog_fm_transmitter_exc300gx
- analog_fm_transmitter_exc100gt
- analog_fm_transmitter_exc5000gt_firmware
- radio_link_exc19
- analog_fm_transmitter_exc120gt_firmware
CWE