{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42769", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-10-25T15:23:55.536Z", "datePublished": "2023-10-26T16:15:17.707Z", "dateUpdated": "2025-01-16T21:28:22.775Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Analog FM transmitter", "vendor": "Sielco", "versions": [{"status": "affected", "version": "2.12 (EXC5000GX)"}, {"status": "affected", "version": "2.12 (EXC120GX)"}, {"status": "affected", "version": "2.11 (EXC300GX)"}, {"status": "affected", "version": "2.10 (EXC1600GX)"}, {"status": "affected", "version": "2.10 (EXC2000GX)"}, {"status": "affected", "version": "2.08 (EXC1600GX)"}, {"status": "affected", "version": "2.08 (EXC1000GX)"}, {"status": "affected", "version": "2.07 (EXC3000GX)"}, {"status": "affected", "version": "2.06 (EXC5000GX)"}, {"status": "affected", "version": "1.7.7 (EXC30GT)"}, {"status": "affected", "version": "1.7.4 (EXC300GT)"}, {"status": "affected", "version": "1.7.4 (EXC100GT)"}, {"status": "affected", "version": "1.7.4 (EXC5000GT)"}, {"status": "affected", "version": "1.6.3 (EXC1000GT)"}, {"status": "affected", "version": "1.5.4 (EXC120GT)"}]}, {"defaultStatus": "unaffected", "product": "Radio Link", "vendor": "Sielco ", "versions": [{"status": "affected", "version": "2.06 (RTX19)"}, {"status": "affected", "version": "2.05 (RTX19)"}, {"status": "affected", "version": "2.00 (EXC19)"}, {"status": "affected", "version": "1.60 (RTX19)"}, {"status": "affected", "version": "1.59 (RTX19)"}, {"status": "affected", "version": "1.55 (EXC19)"}]}], "datePublic": "2023-10-26T16:02:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nThe cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"}], "value": "The cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-10-26T16:15:17.707Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"}, {"url": "https://www.sielco.org/en/contacts"}], "source": {"discovery": "EXTERNAL"}, "title": "Sielco Radio Link and Analog FM Transmitters Improper Access Control", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\">customer support</a>&nbsp;for additional information.\n\n<br>"}], "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:24.286Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08", "tags": ["x_transferred"]}, {"url": "https://www.sielco.org/en/contacts", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T21:22:35.040144Z", "id": "CVE-2023-42769", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T21:28:22.775Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08", "tags": ["x_transferred"]}, {"url": "https://www.sielco.org/en/contacts", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:30:24.286Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-42769", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-16T21:22:35.040144Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T21:22:37.475Z"}}], "cna": {"title": "Sielco Radio Link and Analog FM Transmitters Improper Access Control", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sielco", "product": "Analog FM transmitter", "versions": [{"status": "affected", "version": "2.12 (EXC5000GX)"}, {"status": "affected", "version": "2.12 (EXC120GX)"}, {"status": "affected", "version": "2.11 (EXC300GX)"}, {"status": "affected", "version": "2.10 (EXC1600GX)"}, {"status": "affected", "version": "2.10 (EXC2000GX)"}, {"status": "affected", "version": "2.08 (EXC1600GX)"}, {"status": "affected", "version": "2.08 (EXC1000GX)"}, {"status": "affected", "version": "2.07 (EXC3000GX)"}, {"status": "affected", "version": "2.06 (EXC5000GX)"}, {"status": "affected", "version": "1.7.7 (EXC30GT)"}, {"status": "affected", "version": "1.7.4 (EXC300GT)"}, {"status": "affected", "version": "1.7.4 (EXC100GT)"}, {"status": "affected", "version": "1.7.4 (EXC5000GT)"}, {"status": "affected", "version": "1.6.3 (EXC1000GT)"}, {"status": "affected", "version": "1.5.4 (EXC120GT)"}], "defaultStatus": "unaffected"}, {"vendor": "Sielco ", "product": "Radio Link", "versions": [{"status": "affected", "version": "2.06 (RTX19)"}, {"status": "affected", "version": "2.05 (RTX19)"}, {"status": "affected", "version": "2.00 (EXC19)"}, {"status": "affected", "version": "1.60 (RTX19)"}, {"status": "affected", "version": "1.59 (RTX19)"}, {"status": "affected", "version": "1.55 (EXC19)"}], "defaultStatus": "unaffected"}], "datePublic": "2023-10-26T16:02:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"}, {"url": "https://www.sielco.org/en/contacts"}], "workarounds": [{"lang": "en", "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\">customer support</a>&nbsp;for additional information.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n", "supportingMedia": [{"type": "text/html", "value": "\nThe cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-10-26T16:15:17.707Z"}}}, "cveMetadata": {"cveId": "CVE-2023-42769", "state": "PUBLISHED", "dateUpdated": "2025-01-16T21:28:22.775Z", "dateReserved": "2023-10-25T15:23:55.536Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-10-26T16:15:17.707Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "88E56078-45E6-40B6-AD56-754417AA612D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "C27380E3-5787-4C7F-96AE-E834040EA173", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc120gx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C80C4E0-99B6-4613-8177-16F48262D5A1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc120gx:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "C1C02CE8-16FD-4806-8D63-BA9FDAC1F71A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc300gx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "67169423-AF07-472D-A6AC-824C984CCF1C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc300gx:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "11F2CB0B-24EF-4936-9C66-D0AD36C9A7E8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2441008F-E40A-444B-8ECA-1EADE30BD10A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "427F22A9-A765-406D-B69F-EAC2F6135D39", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc2000gx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA6B6755-024E-415E-AFED-3D400EF1AF4E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc2000gx:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "19520B42-0049-4CE7-9EE0-B42235868837", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2441008F-E40A-444B-8ECA-1EADE30BD10A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.08:*:*:*:*:*:*:*", "matchCriteriaId": "D48F458B-DF3C-4BD8-9B2F-3C1912A46A1D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2AC526C-AC1D-4B86-8DA8-7FDC5EE048AD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gx:2.08:*:*:*:*:*:*:*", "matchCriteriaId": "1EC90D2A-2A31-47DF-9417-03CA14537DC8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc3000gx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9BAEA126-26DC-46D4-B2DC-9D654E40AE69", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc3000gx:2.07:*:*:*:*:*:*:*", "matchCriteriaId": "03644DDC-CA02-40B3-88B9-CF7A0652B6C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "88E56078-45E6-40B6-AD56-754417AA612D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.06:*:*:*:*:*:*:*", "matchCriteriaId": "C70C0CCF-B3FC-4C4E-8452-06332F7C6531", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc30gt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1422AD55-64A5-449C-8DC9-D3A0F94CF88B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc30gt:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "C89B2915-7248-473D-82DB-987CBB27C88B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc300gt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "225AF1A9-BAFD-4282-87FD-01DC3B4F7F2D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc300gt:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "A44224EB-5D1B-4384-BE01-1D5F9BE04F0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc100gt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "20109CEA-108E-4FEE-83C1-7FF47A33B8C3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc100gt:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F852823F-D669-4A3D-9FA1-5A9BA85949D6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2700ACAC-39AA-43D4-BDCA-F97FF223AB7D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gt:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "7FB21956-92FB-4837-A173-904152486545", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F88C8279-347E-4179-9429-B54A3EADDF92", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gt:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "B1443832-3C4E-4795-B333-BFE877755D57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc120gt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C76D25F5-5B8F-4560-96E2-7D6922BCBF72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc120gt:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "D319A987-73D1-401A-9A23-F207DBC6E3B6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_rtx19:2.06:*:*:*:*:*:*:*", "matchCriteriaId": "7E32597B-BFDA-40BA-B8BA-889AC1F695B1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_rtx19:2.05:*:*:*:*:*:*:*", "matchCriteriaId": "9ECF7A90-EBF5-47B9-8BB0-F37B6D7A963A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234A6FEA-8292-48A5-8C60-2A8976E4740F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_exc19:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "ABF0512B-EE6F-496F-A561-2B5F94AB0670", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_rtx19:1.60:*:*:*:*:*:*:*", "matchCriteriaId": "65490A2B-74B0-455B-BBD4-8143939BC5CA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_rtx19:1.59:*:*:*:*:*:*:*", "matchCriteriaId": "7E4D0FD7-079E-4781-AA84-9528528B29A8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234A6FEA-8292-48A5-8C60-2A8976E4740F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_exc19:1.55:*:*:*:*:*:*:*", "matchCriteriaId": "F6442DD6-095D-47BF-BBA6-0634C20D62D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"}, {"lang": "es", "value": "El ID de sesi\u00f3n de la cookie tiene una longitud insuficiente y puede explotarse mediante fuerza bruta, lo que puede permitir a un atacante remoto obtener una sesi\u00f3n v\u00e1lida, omitir la autenticaci\u00f3n y manipular el transmisor."}], "id": "CVE-2023-42769", "lastModified": "2024-11-21T08:23:07.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-26T17:15:08.950", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://www.sielco.org/en/contacts"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.sielco.org/en/contacts"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}