{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27927", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-03-20T14:52:02.983Z", "datePublished": "2023-03-27T19:33:49.432Z", "dateUpdated": "2024-08-02T12:23:30.295Z"}, "containers": {"cna": {"title": "CVE-2023-27927", "descriptions": [{"lang": "en", "value": "An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "SAUTER", "product": "EY-AS525F001 with moduWeb", "versions": [{"status": "affected", "version": "all versions"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-03"}], "x_generator": {"engine": "VINCE 2.0.7", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-27927"}, "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-03-27T19:33:49.432Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:23:30.295Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-03", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sauter-controls:ey-as525f001_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "37645A9B-B6A3-498C-B148-E78A1CD4C60B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sauter-controls:ey-as525f001:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF655609-2273-4111-8F44-0835C769E391", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials."}], "id": "CVE-2023-27927", "lastModified": "2023-11-07T04:10:21.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-27T20:15:09.577", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}