{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-41966",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST request to set a parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-267 Privilege Defined With Unsafe Actions",
"cweId": "CWE-267"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sielco",
"product": {
"product_data": [
{
"product_name": "Analog FM transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.12 (EXC5000GX)"
},
{
"version_affected": "=",
"version_value": "2.12 (EXC120GX)"
},
{
"version_affected": "=",
"version_value": "2.11 (EXC300GX)"
},
{
"version_affected": "=",
"version_value": "2.10 (EXC1600GX)"
},
{
"version_affected": "=",
"version_value": "2.10 (EXC2000GX)"
},
{
"version_affected": "=",
"version_value": "2.08 (EXC1600GX)"
},
{
"version_affected": "=",
"version_value": "2.08 (EXC1000GX)"
},
{
"version_affected": "=",
"version_value": "2.07 (EXC3000GX)"
},
{
"version_affected": "=",
"version_value": "2.06 (EXC5000GX)"
},
{
"version_affected": "=",
"version_value": "1.7.7 (EXC30GT)"
},
{
"version_affected": "=",
"version_value": "1.7.4 (EXC300GT)"
},
{
"version_affected": "=",
"version_value": "1.7.4 (EXC100GT)"
},
{
"version_affected": "=",
"version_value": "1.7.4 (EXC5000GT)"
},
{
"version_affected": "=",
"version_value": "1.6.3 (EXC1000GT)"
},
{
"version_affected": "=",
"version_value": "1.5.4 (EXC120GT)"
}
]
}
}
]
}
},
{
"vendor_name": "Sielco",
"product": {
"product_data": [
{
"product_name": "Radio Link",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.06 (RTX19)"
},
{
"version_affected": "=",
"version_value": "2.05 (RTX19)"
},
{
"version_affected": "=",
"version_value": "2.00 (EXC19)"
},
{
"version_affected": "=",
"version_value": "1.60 (RTX19)"
},
{
"version_affected": "=",
"version_value": "1.59 (RTX19)"
},
{
"version_affected": "=",
"version_value": "1.55 (EXC19)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"url": "https://www.sielco.org/en/contacts",
"refsource": "MISC",
"name": "https://www.sielco.org/en/contacts"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sielco has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of Sielco PolyEco FM Transmitter are invited to contact Sielco customer support for additional information."
}
],
"value": "Sielco has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of Sielco PolyEco FM Transmitter are invited to contact Sielco customer support at https://www.sielco.org/en/contacts for additional information."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}
}