exploitDog

CVE-2023-38422

Опубликовано: 23 авг. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-04
Third Party Advisory
US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-04
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:walchem:intuition_9_firmware:*:*:*:*:*:*:*:*

Версия до 4.21 (исключая)

cpe:2.3:h:walchem:intuition_9:-:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00078

Низкий

7.5 High

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-f4qx-h2mr-395w

CVSS3: 7.5

github

больше 2 лет назад

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.

EPSS

Процентиль: 24%

0.00078

Низкий

7.5 High

CVSS3

Дефекты

CWE-306