CVE-2023-5846 - Vulnerability Details - OpenCVE

Description

Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.

Published: 2023-11-02

Score: 8.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Franklin Fueling System

TS-550

unaffected

Version	Status	Constraints
`0`	affected	< 1.9.23.8960

Configuration 1 [-]

AND

cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

Franklin Fueling Systems released the following to fix this vulnerability: * TS-550: Version 1.9.23.8960 https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes For more information, contact Franklin Fueling System https://www.franklinfueling.com/en/contact-us/ .

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-58126	Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04

History

No history.

Subscriptions

Franklinfueling Ts-550 Evo Ts-550 Evo Firmware

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-11-02T16:47:40.389Z

Updated: 2024-09-12T13:35:16.629Z

Reserved: 2023-10-30T16:24:03.097Z

Link: CVE-2023-5846

Vulnrichment

Updated: 2024-08-02T08:14:24.292Z

NVD

Status : Modified

Published: 2023-11-02T17:15:11.747

Modified: 2024-11-21T08:42:37.257

Link: CVE-2023-5846

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-916

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5846", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-10-30T16:24:03.097Z", "datePublished": "2023-11-02T16:47:40.389Z", "dateUpdated": "2024-09-12T13:35:16.629Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TS-550", "vendor": "Franklin Fueling System", "versions": [{"lessThan": "1.9.23.8960", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Parsa Rezaie Khiabanloo"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.</p><br>\n\n"}], "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-11-02T16:47:40.389Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Franklin Fueling Systems released the following to fix this vulnerability:</p><ul><li>TS-550: <a target=\"_blank\" rel=\"nofollow\" href=\"https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes\">Version 1.9.23.8960</a></li></ul><p>For more information, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.franklinfueling.com/en/contact-us/\">Franklin Fueling System</a>.</p>\n\n<br>"}], "value": "\nFranklin Fueling Systems released the following to fix this vulnerability:\n\n * TS-550: Version 1.9.23.8960 https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes \n\n\nFor more information, contact Franklin Fueling System https://www.franklinfueling.com/en/contact-us/ .\n\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.292Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "franklinfueling", "product": "ts-550_evo", "cpes": ["cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.9.23.8960", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T18:21:51.519787Z", "id": "CVE-2023-5846", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T13:35:16.629Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.292Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5846", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-05T18:21:51.519787Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*"], "vendor": "franklinfueling", "product": "ts-550_evo", "versions": [{"status": "affected", "version": "0", "lessThan": "1.9.23.8960", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T18:23:24.045Z"}}], "cna": {"title": "Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Parsa Rezaie Khiabanloo"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Franklin Fueling System", "product": "TS-550", "versions": [{"status": "affected", "version": "0", "lessThan": "1.9.23.8960", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nFranklin Fueling Systems released the following to fix this vulnerability:\n\n * TS-550: Version 1.9.23.8960 https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes \n\n\nFor more information, contact Franklin Fueling System https://www.franklinfueling.com/en/contact-us/ .\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Franklin Fueling Systems released the following to fix this vulnerability:</p><ul><li>TS-550: <a target=\"_blank\" rel=\"nofollow\" href=\"https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes\">Version 1.9.23.8960</a></li></ul><p>For more information, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.franklinfueling.com/en/contact-us/\">Franklin Fueling System</a>.</p>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.</p><br>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-11-02T16:47:40.389Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5846", "state": "PUBLISHED", "dateUpdated": "2024-09-12T13:35:16.629Z", "dateReserved": "2023-10-30T16:24:03.097Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-11-02T16:47:40.389Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C746FABA-E991-4646-9551-0038FB1D51A6", "versionEndExcluding": "1.9.23.8960", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*", "matchCriteriaId": "42AF9F76-7481-4621-B002-510053E61A7B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n"}, {"lang": "es", "value": "Las versiones del Franklin Fueling System TS-550 anteriores a la 1.9.23.8960 son vulnerables a que los atacantes descifren las credenciales de administrador, lo que da como resultado un acceso no autenticado al dispositivo."}], "id": "CVE-2023-5846", "lastModified": "2024-11-21T08:42:37.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-02T17:15:11.747", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-916"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-916"}], "source": "nvd@nist.gov", "type": "Primary"}]}