CVE-2023-2306

EUVD-2023-33812




Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
icscertCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
qognifynicevision
𝑥
≤ 3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-02
https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-02