CVE-2023-5846 - Vulnerability Details - OpenCVE

Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

Vendors	Products
Franklinfueling	Ts-550 Evo Ts-550 Evo Firmware

Configuration 1 [-]

AND

cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-58126	Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.

Fixes

Solution

Franklin Fueling Systems released the following to fix this vulnerability: * TS-550: Version 1.9.23.8960 https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes For more information, contact Franklin Fueling System https://www.franklinfueling.com/en/contact-us/ .

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-11-02T16:47:40.389Z

Updated: 2024-09-12T13:35:16.629Z

Reserved: 2023-10-30T16:24:03.097Z

Link: CVE-2023-5846

Vulnrichment

Updated: 2024-08-02T08:14:24.292Z

NVD

Status : Modified

Published: 2023-11-02T17:15:11.747

Modified: 2024-11-21T08:42:37.257

Link: CVE-2023-5846

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5846", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-10-30T16:24:03.097Z", "datePublished": "2023-11-02T16:47:40.389Z", "dateUpdated": "2024-09-12T13:35:16.629Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TS-550", "vendor": "Franklin Fueling System", "versions": [{"lessThan": "1.9.23.8960", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Parsa Rezaie Khiabanloo"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.</p><br>\n\n"}], "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-11-02T16:47:40.389Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Franklin Fueling Systems released the following to fix this vulnerability:</p><ul><li>TS-550: <a target=\"_blank\" rel=\"nofollow\" href=\"https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes\">Version 1.9.23.8960</a></li></ul><p>For more information, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.franklinfueling.com/en/contact-us/\">Franklin Fueling System</a>.</p>\n\n<br>"}], "value": "\nFranklin Fueling Systems released the following to fix this vulnerability:\n\n * TS-550: Version 1.9.23.8960 https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes \n\n\nFor more information, contact Franklin Fueling System https://www.franklinfueling.com/en/contact-us/ .\n\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.292Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "franklinfueling", "product": "ts-550_evo", "cpes": ["cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.9.23.8960", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T18:21:51.519787Z", "id": "CVE-2023-5846", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T13:35:16.629Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.292Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5846", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-05T18:21:51.519787Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*"], "vendor": "franklinfueling", "product": "ts-550_evo", "versions": [{"status": "affected", "version": "0", "lessThan": "1.9.23.8960", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T18:23:24.045Z"}}], "cna": {"title": "Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Parsa Rezaie Khiabanloo"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Franklin Fueling System", "product": "TS-550", "versions": [{"status": "affected", "version": "0", "lessThan": "1.9.23.8960", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nFranklin Fueling Systems released the following to fix this vulnerability:\n\n * TS-550: Version 1.9.23.8960 https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes \n\n\nFor more information, contact Franklin Fueling System https://www.franklinfueling.com/en/contact-us/ .\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Franklin Fueling Systems released the following to fix this vulnerability:</p><ul><li>TS-550: <a target=\"_blank\" rel=\"nofollow\" href=\"https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes\">Version 1.9.23.8960</a></li></ul><p>For more information, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.franklinfueling.com/en/contact-us/\">Franklin Fueling System</a>.</p>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.</p><br>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-11-02T16:47:40.389Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5846", "state": "PUBLISHED", "dateUpdated": "2024-09-12T13:35:16.629Z", "dateReserved": "2023-10-30T16:24:03.097Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-11-02T16:47:40.389Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C746FABA-E991-4646-9551-0038FB1D51A6", "versionEndExcluding": "1.9.23.8960", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*", "matchCriteriaId": "42AF9F76-7481-4621-B002-510053E61A7B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n"}, {"lang": "es", "value": "Las versiones del Franklin Fueling System TS-550 anteriores a la 1.9.23.8960 son vulnerables a que los atacantes descifren las credenciales de administrador, lo que da como resultado un acceso no autenticado al dispositivo."}], "id": "CVE-2023-5846", "lastModified": "2024-11-21T08:42:37.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-02T17:15:11.747", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-916"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-916"}], "source": "nvd@nist.gov", "type": "Primary"}]}