CVE-2023-29116 - OpenCVE

Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Enelx	Waybox Pro Waybox Pro Firmware

Configuration 1 [-]

AND

cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf

History

Fri, 08 Nov 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Enelx Enelx waybox Pro Enelx waybox Pro Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:enelx:waybox_pro:3.0:::::::* cpe:2.3:o:enelx:waybox_pro_firmware::::::::
Vendors & Products		Enelx Enelx waybox Pro Enelx waybox Pro Firmware

Tue, 05 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 05 Nov 2024 15:30:00 +0000

Type	Values Removed	Values Added
Description		Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.
Title		PHP Information Disclosure in Enel X JuiceBox
Weaknesses		CWE-200
References		https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ASRG

Published: 2024-11-05T15:08:28.147Z

Updated: 2024-11-05T19:10:35.357Z

Reserved: 2023-03-31T10:22:52.667Z

Link: CVE-2023-29116

Vulnrichment

Updated: 2024-11-05T19:10:30.788Z

NVD

Status : Analyzed

Published: 2024-11-05T16:15:15.307

Modified: 2024-11-08T16:08:20.573

Link: CVE-2023-29116

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29116", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "state": "PUBLISHED", "assignerShortName": "ASRG", "dateReserved": "2023-03-31T10:22:52.667Z", "datePublished": "2024-11-05T15:08:28.147Z", "dateUpdated": "2024-11-05T19:10:35.357Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Web Manager interface"], "product": "JuiceBox Pro 3.0 22kW Cellular", "vendor": "Enel X", "versions": [{"lessThan": "2.1.1.0_JB3VU096A", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abdellah Benotsmane (PCAutomotive)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained."}], "value": "Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained."}], "impacts": [{"capecId": "CAPEC-169", "descriptions": [{"lang": "en", "value": "CAPEC-169: Footprinting"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2024-11-05T15:08:28.147Z"}, "references": [{"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf"}], "source": {"discovery": "EXTERNAL"}, "title": "PHP Information Disclosure in Enel X JuiceBox", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-05T19:10:24.863554Z", "id": "CVE-2023-29116", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-05T19:10:35.357Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-29116", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-05T19:10:24.863554Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-05T19:10:30.788Z"}}], "cna": {"title": "PHP Information Disclosure in Enel X JuiceBox", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abdellah Benotsmane (PCAutomotive)"}], "impacts": [{"capecId": "CAPEC-169", "descriptions": [{"lang": "en", "value": "CAPEC-169: Footprinting"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Enel X", "modules": ["Web Manager interface"], "product": "JuiceBox Pro 3.0 22kW Cellular", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1.1.0_JB3VU096A", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.", "supportingMedia": [{"type": "text/html", "value": "Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2024-11-05T15:08:28.147Z"}}}, "cveMetadata": {"cveId": "CVE-2023-29116", "state": "PUBLISHED", "dateUpdated": "2024-11-05T19:10:35.357Z", "dateReserved": "2023-03-31T10:22:52.667Z", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "datePublished": "2024-11-05T15:08:28.147Z", "assignerShortName": "ASRG"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7B70D3C-2FBD-4BEA-8ADB-0712CBC60CDE", "versionEndExcluding": "2.1.1.0_jb3vu096a", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4793B11-455A-4C29-A1EC-22CE8DDFEDCF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained."}, {"lang": "es", "value": " En determinadas condiciones, a trav\u00e9s de una solicitud dirigida a la aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X, se podr\u00eda obtener informaci\u00f3n como la versi\u00f3n del sistema operativo Waybox o detalles de configuraci\u00f3n del servicio."}], "id": "CVE-2023-29116", "lastModified": "2024-11-08T16:08:20.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve@asrg.io", "type": "Secondary"}]}, "published": "2024-11-05T16:15:15.307", "references": [{"source": "cve@asrg.io", "tags": ["Vendor Advisory"], "url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf"}], "sourceIdentifier": "cve@asrg.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "cve@asrg.io", "type": "Secondary"}]}