Use of Password Hash With Insufficient Computational Effort in Franklin Electric TS-550



Published: 2023-11-03
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-5846
CWE-ID CWE-916
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		TS-550
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Use of Password Hash With Insufficient Computational Effort

EUVDB-ID: #VU82702

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5846

CWE-ID: CWE-916 - Use of Password Hash With Insufficient Computational Effort

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of a weak hash algorithm. A remote attacker can decode admin credentials and gain unauthenticated access to the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

TS-550: before 1.9.23.8960

External links

http://www.cisa.gov/news-events/ics-advisories/icsa-23-306-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###