CVE-2023-46663









Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
sielcopolyeco500_firmware
1.7.0
sielcopolyeco500_firmware
10.16
sielcopolyeco300_firmware
2.0.0
sielcopolyeco300_firmware
2.0.2
sielcopolyeco300_firmware
10.19
sielcopolyeco1000_firmware
1.9.3
sielcopolyeco1000_firmware
1.9.4
sielcopolyeco1000_firmware
2.0.6
sielcopolyeco1000_firmware
10.19
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07