CVE-2023-0451

Econolite EOS versions prior to 3.2.23 lack a password
requirement for gaining READONLY access to log files and certain database and
configuration files. One such file contains tables with MD5 hashes and
usernames for all defined users in the control software, including
administrators and technicians.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
icscertCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
econoliteeos
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-02
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-02