CVE-2023-45317

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 Third Party Advisory US Government Resource
https://www.sielco.org/en/contacts Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.12:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc120gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc120gx:2.12:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc300gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc300gx:2.11:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.10:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc2000gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc2000gx:2.10:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.08:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gx:2.08:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc3000gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc3000gx:2.07:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.06:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc30gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc30gt:1.7.7:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc300gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc300gt:1.7.4:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc100gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc100gt:1.7.4:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gt:1.7.4:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gt:1.6.3:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:sielco:analog_fm_transmitter_exc120gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc120gt:1.5.4:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_rtx19:2.06:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_rtx19:2.05:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_exc19:2.00:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_rtx19:1.60:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_rtx19:1.59:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_exc19:1.55:*:*:*:*:*:*:*

History

07 Nov 2023, 19:54

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://www.sielco.org/en/contacts - (MISC) https://www.sielco.org/en/contacts - Product
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08 - Third Party Advisory, US Government Resource
First Time Sielco analog Fm Transmitter Exc5000gx
Sielco analog Fm Transmitter Exc3000gx
Sielco radio Link Exc19 Firmware
Sielco radio Link Rtx19 Firmware
Sielco analog Fm Transmitter Exc3000gx Firmware
Sielco analog Fm Transmitter Exc1000gx Firmware
Sielco analog Fm Transmitter Exc1600gx
Sielco analog Fm Transmitter Exc1000gt Firmware
Sielco analog Fm Transmitter Exc2000gx
Sielco analog Fm Transmitter Exc100gt Firmware
Sielco analog Fm Transmitter Exc300gx Firmware
Sielco analog Fm Transmitter Exc120gx Firmware
Sielco analog Fm Transmitter Exc120gt
Sielco radio Link Exc19
Sielco analog Fm Transmitter Exc5000gt Firmware
Sielco analog Fm Transmitter Exc2000gx Firmware
Sielco analog Fm Transmitter Exc30gt Firmware
Sielco analog Fm Transmitter Exc120gx
Sielco analog Fm Transmitter Exc30gt
Sielco analog Fm Transmitter Exc100gt
Sielco analog Fm Transmitter Exc1600gx Firmware
Sielco
Sielco analog Fm Transmitter Exc300gt Firmware
Sielco analog Fm Transmitter Exc120gt Firmware
Sielco analog Fm Transmitter Exc1000gt
Sielco analog Fm Transmitter Exc300gx
Sielco analog Fm Transmitter Exc300gt
Sielco analog Fm Transmitter Exc1000gx
Sielco radio Link Rtx19
Sielco analog Fm Transmitter Exc5000gt
Sielco analog Fm Transmitter Exc5000gx Firmware
CPE cpe:2.3:o:sielco:analog_fm_transmitter_exc120gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc120gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc300gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_rtx19:1.59:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_rtx19:2.06:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc30gt:1.7.7:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.06:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc300gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_exc19:1.55:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc100gt:1.7.4:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc3000gx:2.07:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gt:1.6.3:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_rtx19:1.60:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc2000gx:2.10:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_exc19:2.00:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc2000gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc3000gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc30gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.08:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gt:1.7.4:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc120gt:1.5.4:*:*:*:*:*:*:*
cpe:2.3:h:sielco:radio_link_rtx19:2.05:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gx:2.08:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.10:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.12:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc120gx:2.12:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc300gx:2.11:*:*:*:*:*:*:*
cpe:2.3:h:sielco:analog_fm_transmitter_exc300gt:1.7.4:*:*:*:*:*:*:*
cpe:2.3:o:sielco:analog_fm_transmitter_exc100gt_firmware:-:*:*:*:*:*:*:*
CWE CWE-352

26 Oct 2023, 17:33

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-26 17:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-45317

Mitre link : CVE-2023-45317

CVE.ORG link : CVE-2023-45317


JSON object : View

Products Affected

sielco

  • analog_fm_transmitter_exc30gt
  • analog_fm_transmitter_exc2000gx
  • analog_fm_transmitter_exc120gt
  • analog_fm_transmitter_exc5000gt
  • analog_fm_transmitter_exc120gt_firmware
  • analog_fm_transmitter_exc300gt
  • analog_fm_transmitter_exc5000gx
  • analog_fm_transmitter_exc100gt_firmware
  • analog_fm_transmitter_exc1000gx_firmware
  • analog_fm_transmitter_exc300gt_firmware
  • analog_fm_transmitter_exc120gx_firmware
  • analog_fm_transmitter_exc300gx
  • analog_fm_transmitter_exc100gt
  • analog_fm_transmitter_exc1000gx
  • analog_fm_transmitter_exc5000gt_firmware
  • radio_link_exc19
  • analog_fm_transmitter_exc1000gt_firmware
  • analog_fm_transmitter_exc1600gx
  • radio_link_exc19_firmware
  • analog_fm_transmitter_exc120gx
  • analog_fm_transmitter_exc1600gx_firmware
  • analog_fm_transmitter_exc300gx_firmware
  • radio_link_rtx19_firmware
  • analog_fm_transmitter_exc30gt_firmware
  • analog_fm_transmitter_exc3000gx_firmware
  • analog_fm_transmitter_exc3000gx
  • analog_fm_transmitter_exc2000gx_firmware
  • analog_fm_transmitter_exc1000gt
  • radio_link_rtx19
  • analog_fm_transmitter_exc5000gx_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)