SB2023102719 - Multiple vulnerabilities in Sielco PolyEco FM Transmitter

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023102719

SB2023102719 - Multiple vulnerabilities in Sielco PolyEco FM Transmitter

Published: October 27, 2023

Security Bulletin ID SB2023102719
Severity
High
Patch available
NO
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 57% Medium 43%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Session Fixation (CVE-ID: CVE-2023-0897)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the cookie being vulnerable to a brute force attack, lack of SSL and the session being visible in requests. A remote attacker can perform a session hijacking attack.


2) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2023-5754)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a weak set of default administrative credentials. A remote attacker can perform a brute-force attack and gain full control of the system.


3) Improper access control (CVE-ID: CVE-2023-46661)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can modify passwords in POST requests and gain unauthorized access to the application.


4) Improper access control (CVE-ID: CVE-2023-46662)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request to gain access to sensitive information.


5) Improper access control (CVE-ID: CVE-2023-46663)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the application interface. A remote attacker can gain access to sensitive information.


6) Improper access control (CVE-ID: CVE-2023-46664)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions when the application provides direct access to objects based on user-supplied input. A remote attacker can bypass authorization and access resources behind protected pages.


7) Improper access control (CVE-ID: CVE-2023-46665)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can modify passwords in a POST request and gain unauthorized access to the application.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References