CVE-2023-2003

Опубликовано: 13 июл. 2023

Источник: nvd

CVSS3: 9.1

CVSS3: 9.8

EPSS Низкий

Описание

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.

Ссылки

https://www.hackplayers.com/2023/07/vulnerabilidad-vision1210-unitronics.html
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/embedded-malicious-code-vulnerability-unitronics-vision1210
Third Party Advisory
https://www.hackplayers.com/2023/07/vulnerabilidad-vision1210-unitronics.html
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/embedded-malicious-code-vulnerability-unitronics-vision1210
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:unitronics:vision1210_firmware:4.3:build_5:*:*:*:*:*:*

cpe:2.3:h:unitronics:vision1210:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00274

Низкий

9.1 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-506

NVD-CWE-Other

Связанные уязвимости

GHSA-5746-cm3p-frrh

CVSS3: 9.1

github

больше 2 лет назад

EPSS

Процентиль: 50%

0.00274

Низкий

9.1 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-506

NVD-CWE-Other