CVE-2017-5145

Опубликовано: 13 фев. 2017

Источник: nvd

CVSS3: 10

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration.

Ссылки

http://www.securityfocus.com/bid/95411
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/95411
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:carlosgavazzi:vmu-c_em_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:carlosgavazzi:vmu-c_em:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:carlosgavazzi:vmu-c_pv_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:carlosgavazzi:vmu-c_pv:-:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00193

Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-6fhf-grw8-8h8h