CVE-2023-0451

Econolite EOS versions prior to 3.2.23 lack a password
requirement for gaining “READONLY” access to log files and certain database and
configuration files. One such file contains tables with MD5 hashes and
usernames for all defined users in the control software, including
administrators and technicians.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
econoliteeos
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-02
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-02