CVE-2023-46663









Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
icscertCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
sielcopolyeco500_firmware
1.7.0
sielcopolyeco500_firmware
10.16
sielcopolyeco300_firmware
2.0.0
sielcopolyeco300_firmware
2.0.2
sielcopolyeco300_firmware
10.19
sielcopolyeco1000_firmware
1.9.3
sielcopolyeco1000_firmware
1.9.4
sielcopolyeco1000_firmware
2.0.6
sielcopolyeco1000_firmware
10.19
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07