← Volver a CVEs
CVE-2023-28654
CRITICAL9.8
Descripcion
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through any normal operation of the device.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/28/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
propumpservice:osprey_pump_controllerpropumpservice:osprey_pump_controller_firmware
Debilidades (CWE)
CWE-798
Referencias
https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.