CVE-2023-45317

EUVD-2023-49611
The application interface allows users to perform certain actions via 
HTTP requests without performing any validity checks to verify the 
requests. This can be exploited to perform certain actions with 
administrative privileges if a logged-in user visits a malicious web 
site.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
icscertCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
sielcoanalog_fm_transmitter_exc5000gx_firmware
-
sielcoanalog_fm_transmitter_exc120gx_firmware
-
sielcoanalog_fm_transmitter_exc300gx_firmware
-
sielcoanalog_fm_transmitter_exc1600gx_firmware
-
sielcoanalog_fm_transmitter_exc2000gx_firmware
-
sielcoanalog_fm_transmitter_exc1600gx_firmware
-
sielcoanalog_fm_transmitter_exc1000gx_firmware
-
sielcoanalog_fm_transmitter_exc3000gx_firmware
-
sielcoanalog_fm_transmitter_exc5000gx_firmware
-
sielcoanalog_fm_transmitter_exc30gt_firmware
-
sielcoanalog_fm_transmitter_exc300gt_firmware
-
sielcoanalog_fm_transmitter_exc100gt_firmware
-
sielcoanalog_fm_transmitter_exc5000gt_firmware
-
sielcoanalog_fm_transmitter_exc1000gt_firmware
-
sielcoanalog_fm_transmitter_exc120gt_firmware
-
sielcoradio_link_rtx19_firmware
-
sielcoradio_link_rtx19_firmware
-
sielcoradio_link_exc19_firmware
-
sielcoradio_link_rtx19_firmware
-
sielcoradio_link_rtx19_firmware
-
sielcoradio_link_exc19_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08
https://www.sielco.org/en/contacts
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08
https://www.sielco.org/en/contacts