{"id": "CVE-2023-45317", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-26T17:15:09.177", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.sielco.org/en/contacts", "tags": ["Product"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"}, {"lang": "es", "value": "La interfaz de la aplicaci\u00f3n permite a los usuarios realizar ciertas acciones a trav\u00e9s de solicitudes HTTP sin realizar ninguna verificaci\u00f3n de validez para verificar las solicitudes. Esto se puede aprovechar para realizar determinadas acciones con privilegios administrativos si un usuario que ha iniciado sesi\u00f3n visita un sitio web malicioso."}], "lastModified": "2023-11-07T19:54:46.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.12:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C27380E3-5787-4C7F-96AE-E834040EA173"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88E56078-45E6-40B6-AD56-754417AA612D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc120gx:2.12:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1C02CE8-16FD-4806-8D63-BA9FDAC1F71A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc120gx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C80C4E0-99B6-4613-8177-16F48262D5A1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc300gx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67169423-AF07-472D-A6AC-824C984CCF1C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc300gx:2.11:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "11F2CB0B-24EF-4936-9C66-D0AD36C9A7E8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2441008F-E40A-444B-8ECA-1EADE30BD10A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.10:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "427F22A9-A765-406D-B69F-EAC2F6135D39"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc2000gx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA6B6755-024E-415E-AFED-3D400EF1AF4E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc2000gx:2.10:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19520B42-0049-4CE7-9EE0-B42235868837"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2441008F-E40A-444B-8ECA-1EADE30BD10A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.08:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D48F458B-DF3C-4BD8-9B2F-3C1912A46A1D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2AC526C-AC1D-4B86-8DA8-7FDC5EE048AD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gx:2.08:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1EC90D2A-2A31-47DF-9417-03CA14537DC8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc3000gx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BAEA126-26DC-46D4-B2DC-9D654E40AE69"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc3000gx:2.07:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "03644DDC-CA02-40B3-88B9-CF7A0652B6C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88E56078-45E6-40B6-AD56-754417AA612D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.06:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C70C0CCF-B3FC-4C4E-8452-06332F7C6531"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc30gt_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1422AD55-64A5-449C-8DC9-D3A0F94CF88B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc30gt:1.7.7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C89B2915-7248-473D-82DB-987CBB27C88B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc300gt_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "225AF1A9-BAFD-4282-87FD-01DC3B4F7F2D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc300gt:1.7.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A44224EB-5D1B-4384-BE01-1D5F9BE04F0E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc100gt_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20109CEA-108E-4FEE-83C1-7FF47A33B8C3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc100gt:1.7.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F852823F-D669-4A3D-9FA1-5A9BA85949D6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gt_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2700ACAC-39AA-43D4-BDCA-F97FF223AB7D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gt:1.7.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FB21956-92FB-4837-A173-904152486545"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gt_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F88C8279-347E-4179-9429-B54A3EADDF92"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gt:1.6.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1443832-3C4E-4795-B333-BFE877755D57"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:analog_fm_transmitter_exc120gt_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C76D25F5-5B8F-4560-96E2-7D6922BCBF72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:analog_fm_transmitter_exc120gt:1.5.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D319A987-73D1-401A-9A23-F207DBC6E3B6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_rtx19:2.06:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7E32597B-BFDA-40BA-B8BA-889AC1F695B1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_rtx19:2.05:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9ECF7A90-EBF5-47B9-8BB0-F37B6D7A963A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "234A6FEA-8292-48A5-8C60-2A8976E4740F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_exc19:2.00:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ABF0512B-EE6F-496F-A561-2B5F94AB0670"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_rtx19:1.60:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65490A2B-74B0-455B-BBD4-8143939BC5CA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DCF3BEC-B138-4C18-8F54-1E75B8EC5E47"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_rtx19:1.59:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7E4D0FD7-079E-4781-AA84-9528528B29A8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "234A6FEA-8292-48A5-8C60-2A8976E4740F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sielco:radio_link_exc19:1.55:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F6442DD6-095D-47BF-BBA6-0634C20D62D4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}
