CVE-2023-5846 - OpenCVE

Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Franklinfueling	Ts-550 Evo Ts-550 Evo Firmware

Configuration 1 [-]

AND

cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-11-02T16:47:40.389Z

Updated: 2024-09-12T13:35:16.629Z

Reserved: 2023-10-30T16:24:03.097Z

Link: CVE-2023-5846

Vulnrichment

Updated: 2024-08-02T08:14:24.292Z

NVD

Status : Analyzed

Published: 2023-11-02T17:15:11.747

Modified: 2023-11-09T20:41:19.543

Link: CVE-2023-5846

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5846", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-10-30T16:24:03.097Z", "datePublished": "2023-11-02T16:47:40.389Z", "dateUpdated": "2024-09-12T13:35:16.629Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TS-550", "vendor": "Franklin Fueling System", "versions": [{"lessThan": "1.9.23.8960", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Parsa Rezaie Khiabanloo"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.</p><br>\n\n"}], "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-11-02T16:47:40.389Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Franklin Fueling Systems released the following to fix this vulnerability:</p><ul><li>TS-550: <a target=\"_blank\" rel=\"nofollow\" href=\"https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes\">Version 1.9.23.8960</a></li></ul><p>For more information, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.franklinfueling.com/en/contact-us/\">Franklin Fueling System</a>.</p>\n\n<br>"}], "value": "\nFranklin Fueling Systems released the following to fix this vulnerability:\n\n * TS-550: Version 1.9.23.8960 https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes \n\n\nFor more information, contact Franklin Fueling System https://www.franklinfueling.com/en/contact-us/ .\n\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.292Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "franklinfueling", "product": "ts-550_evo", "cpes": ["cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.9.23.8960", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T18:21:51.519787Z", "id": "CVE-2023-5846", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T13:35:16.629Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.292Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5846", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-05T18:21:51.519787Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*"], "vendor": "franklinfueling", "product": "ts-550_evo", "versions": [{"status": "affected", "version": "0", "lessThan": "1.9.23.8960", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T18:23:24.045Z"}}], "cna": {"title": "Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Parsa Rezaie Khiabanloo"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Franklin Fueling System", "product": "TS-550", "versions": [{"status": "affected", "version": "0", "lessThan": "1.9.23.8960", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nFranklin Fueling Systems released the following to fix this vulnerability:\n\n * TS-550: Version 1.9.23.8960 https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes \n\n\nFor more information, contact Franklin Fueling System https://www.franklinfueling.com/en/contact-us/ .\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Franklin Fueling Systems released the following to fix this vulnerability:</p><ul><li>TS-550: <a target=\"_blank\" rel=\"nofollow\" href=\"https://fele.widen.net/s/kwswqllpbt/tb0923-04-t5-series-firmware-1-9-23-8960-release-notes\">Version 1.9.23.8960</a></li></ul><p>For more information, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.franklinfueling.com/en/contact-us/\">Franklin Fueling System</a>.</p>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.</p><br>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-11-02T16:47:40.389Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5846", "state": "PUBLISHED", "dateUpdated": "2024-09-12T13:35:16.629Z", "dateReserved": "2023-10-30T16:24:03.097Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-11-02T16:47:40.389Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C746FABA-E991-4646-9551-0038FB1D51A6", "versionEndExcluding": "1.9.23.8960", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*", "matchCriteriaId": "42AF9F76-7481-4621-B002-510053E61A7B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nFranklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.\n\n\n\n\n"}, {"lang": "es", "value": "Las versiones del Franklin Fueling System TS-550 anteriores a la 1.9.23.8960 son vulnerables a que los atacantes descifren las credenciales de administrador, lo que da como resultado un acceso no autenticado al dispositivo."}], "id": "CVE-2023-5846", "lastModified": "2023-11-09T20:41:19.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-11-02T17:15:11.747", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-916"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-916"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}