
    8 vulnerabilities found for analog_fm_transmitter_exc5000gx_firmware by sielco

    CVE-2023-45317 (GCVE-0-2023-45317)

    Vulnerability from nvd – Published: 2023-10-26 16:17 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery
    Summary
    The application interface lets users perform certain actions via HTTP requests without performing any checks to verify that the requests are valid. This can be exploited to perform those actions with administrative privileges if a logged-in user visits a malicious web site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery
    Assigner
    Impacted products
    Vendor Product Version
    Sielco Analog FM transmitter Affected: 2.12 (EXC5000GX)
    Affected: 2.12 (EXC120GX)
    Affected: 2.11 (EXC300GX)
    Affected: 2.10 (EXC1600GX)
    Affected: 2.10 (EXC2000GX)
    Affected: 2.08 (EXC1600GX)
    Affected: 2.08 (EXC1000GX)
    Affected: 2.07 (EXC3000GX)
    Affected: 2.06 (EXC5000GX)
    Affected: 1.7.7 (EXC30GT)
    Affected: 1.7.4 (EXC300GT)
    Affected: 1.7.4 (EXC100GT)
    Affected: 1.7.4 (EXC5000GT)
    Affected: 1.6.3 (EXC1000GT)
    Affected: 1.5.4 (EXC120GT)
    Sielco Radio Link Affected: 2.06 (RTX19)
    Affected: 2.05 (RTX19)
    Affected: 2.00 (EXC19)
    Affected: 1.60 (RTX19)
    Affected: 1.59 (RTX19)
    Affected: 1.55 (EXC19)
    Date Public
    2023-10-26 16:02

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:21:15.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sielco.org/en/contacts"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:07.199578Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:15.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Analog FM transmitter",
              "vendor": "Sielco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.12 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.12 (EXC120GX)"
                },
                {
                  "status": "affected",
                  "version": "2.11 (EXC300GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC2000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.07 (EXC3000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.06 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "1.7.7 (EXC30GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC300GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC100GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC5000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.6.3 (EXC1000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.5.4 (EXC120GT)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Link",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.06 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.05 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.00 (EXC19)"
                },
                {
                  "status": "affected",
                  "version": "1.60 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.59 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.55 (EXC19)"
                }
              ]
            }
          ],
          "datePublic": "2023-10-26T16:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
                }
              ],
              "value": "\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T16:17:37.365Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
            },
            {
              "url": "https://www.sielco.org/en/contacts"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-45317",
        "datePublished": "2023-10-26T16:17:37.365Z",
        "dateReserved": "2023-10-25T15:23:55.532Z",
        "dateUpdated": "2025-01-16T21:28:15.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45228 (GCVE-0-2023-45228)

    Vulnerability from nvd – Published: 2023-10-26 16:19 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Sielco Radio Link and Analog FM Transmitters Improper Access Control
    Summary
    The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco Analog FM transmitter Affected: 2.12 (EXC5000GX)
    Affected: 2.12 (EXC120GX)
    Affected: 2.11 (EXC300GX)
    Affected: 2.10 (EXC1600GX)
    Affected: 2.10 (EXC2000GX)
    Affected: 2.08 (EXC1600GX)
    Affected: 2.08 (EXC1000GX)
    Affected: 2.07 (EXC3000GX)
    Affected: 2.06 (EXC5000GX)
    Affected: 1.7.7 (EXC30GT)
    Affected: 1.7.4 (EXC300GT)
    Affected: 1.7.4 (EXC100GT)
    Affected: 1.7.4 (EXC5000GT)
    Affected: 1.6.3 (EXC1000GT)
    Affected: 1.5.4 (EXC120GT)
    Sielco Radio Link Affected: 2.06 (RTX19)
    Affected: 2.05 (RTX19)
    Affected: 2.00 (EXC19)
    Affected: 1.60 (RTX19)
    Affected: 1.59 (RTX19)
    Affected: 1.55 (EXC19)
    Date Public
    2023-10-26 16:02

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.919Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sielco.org/en/contacts"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:18:55.827236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:09.489Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Analog FM transmitter",
              "vendor": "Sielco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.12 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.12 (EXC120GX)"
                },
                {
                  "status": "affected",
                  "version": "2.11 (EXC300GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC2000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.07 (EXC3000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.06 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "1.7.7 (EXC30GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC300GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC100GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC5000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.6.3 (EXC1000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.5.4 (EXC120GT)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Link",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.06 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.05 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.00 (EXC19)"
                },
                {
                  "status": "affected",
                  "version": "1.60 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.59 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.55 (EXC19)"
                }
              ]
            }
          ],
          "datePublic": "2023-10-26T16:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
                }
              ],
              "value": "\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284  Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T16:19:41.642Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
            },
            {
              "url": "https://www.sielco.org/en/contacts"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sielco Radio Link and Analog FM Transmitters  Improper Access Control",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-45228",
        "datePublished": "2023-10-26T16:19:41.642Z",
        "dateReserved": "2023-10-25T15:23:55.527Z",
        "dateUpdated": "2025-01-16T21:28:09.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42769 (GCVE-0-2023-42769)

    Vulnerability from nvd – Published: 2023-10-26 16:15 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Sielco Radio Link and Analog FM Transmitters Improper Access Control
    Summary
    The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco Analog FM transmitter Affected: 2.12 (EXC5000GX)
    Affected: 2.12 (EXC120GX)
    Affected: 2.11 (EXC300GX)
    Affected: 2.10 (EXC1600GX)
    Affected: 2.10 (EXC2000GX)
    Affected: 2.08 (EXC1600GX)
    Affected: 2.08 (EXC1000GX)
    Affected: 2.07 (EXC3000GX)
    Affected: 2.06 (EXC5000GX)
    Affected: 1.7.7 (EXC30GT)
    Affected: 1.7.4 (EXC300GT)
    Affected: 1.7.4 (EXC100GT)
    Affected: 1.7.4 (EXC5000GT)
    Affected: 1.6.3 (EXC1000GT)
    Affected: 1.5.4 (EXC120GT)
    Sielco Radio Link Affected: 2.06 (RTX19)
    Affected: 2.05 (RTX19)
    Affected: 2.00 (EXC19)
    Affected: 1.60 (RTX19)
    Affected: 1.59 (RTX19)
    Affected: 1.55 (EXC19)
    Date Public
    2023-10-26 16:02

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:30:24.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sielco.org/en/contacts"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42769",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:35.040144Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:22.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Analog FM transmitter",
              "vendor": "Sielco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.12 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.12 (EXC120GX)"
                },
                {
                  "status": "affected",
                  "version": "2.11 (EXC300GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC2000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.07 (EXC3000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.06 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "1.7.7 (EXC30GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC300GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC100GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC5000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.6.3 (EXC1000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.5.4 (EXC120GT)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Link",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.06 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.05 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.00 (EXC19)"
                },
                {
                  "status": "affected",
                  "version": "1.60 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.59 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.55 (EXC19)"
                }
              ]
            }
          ],
          "datePublic": "2023-10-26T16:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nThe cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"
                }
              ],
              "value": "The cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T16:15:17.707Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
            },
            {
              "url": "https://www.sielco.org/en/contacts"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sielco Radio Link and Analog FM Transmitters Improper Access Control",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-42769",
        "datePublished": "2023-10-26T16:15:17.707Z",
        "dateReserved": "2023-10-25T15:23:55.536Z",
        "dateUpdated": "2025-01-16T21:28:22.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41966 (GCVE-0-2023-41966)

    Vulnerability from nvd – Published: 2023-10-26 16:21 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions
    Summary
    The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST request to set a parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-267 - Privilege Defined With Unsafe Actions
    Assigner
    Impacted products
    Vendor Product Version
    Sielco Analog FM transmitter Affected: 2.12 (EXC5000GX)
    Affected: 2.12 (EXC120GX)
    Affected: 2.11 (EXC300GX)
    Affected: 2.10 (EXC1600GX)
    Affected: 2.10 (EXC2000GX)
    Affected: 2.08 (EXC1600GX)
    Affected: 2.08 (EXC1000GX)
    Affected: 2.07 (EXC3000GX)
    Affected: 2.06 (EXC5000GX)
    Affected: 1.7.7 (EXC30GT)
    Affected: 1.7.4 (EXC300GT)
    Affected: 1.7.4 (EXC100GT)
    Affected: 1.7.4 (EXC5000GT)
    Affected: 1.6.3 (EXC1000GT)
    Affected: 1.5.4 (EXC120GT)
    Sielco Radio Link Affected: 2.06 (RTX19)
    Affected: 2.05 (RTX19)
    Affected: 2.00 (EXC19)
    Affected: 1.60 (RTX19)
    Affected: 1.59 (RTX19)
    Affected: 1.55 (EXC19)
    Date Public
    2023-10-26 16:02

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.582Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sielco.org/en/contacts"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41966",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:18:51.607180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:02.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Analog FM transmitter",
              "vendor": "Sielco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.12 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.12 (EXC120GX)"
                },
                {
                  "status": "affected",
                  "version": "2.11 (EXC300GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC2000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.07 (EXC3000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.06 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "1.7.7 (EXC30GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC300GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC100GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC5000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.6.3 (EXC1000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.5.4 (EXC120GT)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Link",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.06 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.05 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.00 (EXC19)"
                },
                {
                  "status": "affected",
                  "version": "1.60 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.59 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.55 (EXC19)"
                }
              ]
            }
          ],
          "datePublic": "2023-10-26T16:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-267",
                  "description": "CWE-267 Privilege Defined With Unsafe Actions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T16:21:56.412Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
            },
            {
              "url": "https://www.sielco.org/en/contacts"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-41966",
        "datePublished": "2023-10-26T16:21:56.412Z",
        "dateReserved": "2023-10-25T15:23:55.519Z",
        "dateUpdated": "2025-01-16T21:28:02.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41966 (GCVE-0-2023-41966)

    Vulnerability from cvelistv5 – Published: 2023-10-26 16:21 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions
    Summary
    The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending an HTTP POST request to set a parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-267 - Privilege Defined With Unsafe Actions
    Assigner
    Impacted products
    Vendor Product Version
    Sielco Analog FM transmitter Affected: 2.12 (EXC5000GX)
    Affected: 2.12 (EXC120GX)
    Affected: 2.11 (EXC300GX)
    Affected: 2.10 (EXC1600GX)
    Affected: 2.10 (EXC2000GX)
    Affected: 2.08 (EXC1600GX)
    Affected: 2.08 (EXC1000GX)
    Affected: 2.07 (EXC3000GX)
    Affected: 2.06 (EXC5000GX)
    Affected: 1.7.7 (EXC30GT)
    Affected: 1.7.4 (EXC300GT)
    Affected: 1.7.4 (EXC100GT)
    Affected: 1.7.4 (EXC5000GT)
    Affected: 1.6.3 (EXC1000GT)
    Affected: 1.5.4 (EXC120GT)
    Sielco Radio Link Affected: 2.06 (RTX19)
    Affected: 2.05 (RTX19)
    Affected: 2.00 (EXC19)
    Affected: 1.60 (RTX19)
    Affected: 1.59 (RTX19)
    Affected: 1.55 (EXC19)
    Date Public
    2023-10-26 16:02

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.582Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sielco.org/en/contacts"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41966",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:18:51.607180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:02.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Analog FM transmitter",
              "vendor": "Sielco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.12 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.12 (EXC120GX)"
                },
                {
                  "status": "affected",
                  "version": "2.11 (EXC300GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC2000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.07 (EXC3000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.06 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "1.7.7 (EXC30GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC300GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC100GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC5000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.6.3 (EXC1000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.5.4 (EXC120GT)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Link",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.06 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.05 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.00 (EXC19)"
                },
                {
                  "status": "affected",
                  "version": "1.60 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.59 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.55 (EXC19)"
                }
              ]
            }
          ],
          "datePublic": "2023-10-26T16:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-267",
                  "description": "CWE-267 Privilege Defined With Unsafe Actions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T16:21:56.412Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
            },
            {
              "url": "https://www.sielco.org/en/contacts"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-41966",
        "datePublished": "2023-10-26T16:21:56.412Z",
        "dateReserved": "2023-10-25T15:23:55.519Z",
        "dateUpdated": "2025-01-16T21:28:02.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45228 (GCVE-0-2023-45228)

    Vulnerability from cvelistv5 – Published: 2023-10-26 16:19 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Sielco Radio Link and Analog FM Transmitters Improper Access Control
    Summary
    The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco Analog FM transmitter Affected: 2.12 (EXC5000GX)
    Affected: 2.12 (EXC120GX)
    Affected: 2.11 (EXC300GX)
    Affected: 2.10 (EXC1600GX)
    Affected: 2.10 (EXC2000GX)
    Affected: 2.08 (EXC1600GX)
    Affected: 2.08 (EXC1000GX)
    Affected: 2.07 (EXC3000GX)
    Affected: 2.06 (EXC5000GX)
    Affected: 1.7.7 (EXC30GT)
    Affected: 1.7.4 (EXC300GT)
    Affected: 1.7.4 (EXC100GT)
    Affected: 1.7.4 (EXC5000GT)
    Affected: 1.6.3 (EXC1000GT)
    Affected: 1.5.4 (EXC120GT)
    Sielco Radio Link Affected: 2.06 (RTX19)
    Affected: 2.05 (RTX19)
    Affected: 2.00 (EXC19)
    Affected: 1.60 (RTX19)
    Affected: 1.59 (RTX19)
    Affected: 1.55 (EXC19)
    Date Public
    2023-10-26 16:02

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.919Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sielco.org/en/contacts"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:18:55.827236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:09.489Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Analog FM transmitter",
              "vendor": "Sielco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.12 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.12 (EXC120GX)"
                },
                {
                  "status": "affected",
                  "version": "2.11 (EXC300GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC2000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.07 (EXC3000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.06 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "1.7.7 (EXC30GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC300GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC100GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC5000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.6.3 (EXC1000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.5.4 (EXC120GT)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Link",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.06 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.05 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.00 (EXC19)"
                },
                {
                  "status": "affected",
                  "version": "1.60 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.59 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.55 (EXC19)"
                }
              ]
            }
          ],
          "datePublic": "2023-10-26T16:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
                }
              ],
              "value": "\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284  Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T16:19:41.642Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
            },
            {
              "url": "https://www.sielco.org/en/contacts"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sielco Radio Link and Analog FM Transmitters  Improper Access Control",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-45228",
        "datePublished": "2023-10-26T16:19:41.642Z",
        "dateReserved": "2023-10-25T15:23:55.527Z",
        "dateUpdated": "2025-01-16T21:28:09.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45317 (GCVE-0-2023-45317)

    Vulnerability from cvelistv5 – Published: 2023-10-26 16:17 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery
    Summary
    The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery
    Assigner
    Impacted products
    Vendor Product Version
    Sielco Analog FM transmitter Affected: 2.12 (EXC5000GX)
    Affected: 2.12 (EXC120GX)
    Affected: 2.11 (EXC300GX)
    Affected: 2.10 (EXC1600GX)
    Affected: 2.10 (EXC2000GX)
    Affected: 2.08 (EXC1600GX)
    Affected: 2.08 (EXC1000GX)
    Affected: 2.07 (EXC3000GX)
    Affected: 2.06 (EXC5000GX)
    Affected: 1.7.7 (EXC30GT)
    Affected: 1.7.4 (EXC300GT)
    Affected: 1.7.4 (EXC100GT)
    Affected: 1.7.4 (EXC5000GT)
    Affected: 1.6.3 (EXC1000GT)
    Affected: 1.5.4 (EXC120GT)
    Sielco Radio Link Affected: 2.06 (RTX19)
    Affected: 2.05 (RTX19)
    Affected: 2.00 (EXC19)
    Affected: 1.60 (RTX19)
    Affected: 1.59 (RTX19)
    Affected: 1.55 (EXC19)
    Date Public
    2023-10-26 16:02

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:21:15.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sielco.org/en/contacts"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:07.199578Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:15.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Analog FM transmitter",
              "vendor": "Sielco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.12 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.12 (EXC120GX)"
                },
                {
                  "status": "affected",
                  "version": "2.11 (EXC300GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC2000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.07 (EXC3000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.06 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "1.7.7 (EXC30GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC300GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC100GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC5000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.6.3 (EXC1000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.5.4 (EXC120GT)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Link",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.06 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.05 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.00 (EXC19)"
                },
                {
                  "status": "affected",
                  "version": "1.60 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.59 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.55 (EXC19)"
                }
              ]
            }
          ],
          "datePublic": "2023-10-26T16:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
                }
              ],
              "value": "\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T16:17:37.365Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
            },
            {
              "url": "https://www.sielco.org/en/contacts"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-45317",
        "datePublished": "2023-10-26T16:17:37.365Z",
        "dateReserved": "2023-10-25T15:23:55.532Z",
        "dateUpdated": "2025-01-16T21:28:15.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42769 (GCVE-0-2023-42769)

    Vulnerability from cvelistv5 – Published: 2023-10-26 16:15 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Sielco Radio Link and Analog FM Transmitters Improper Access Control
    Summary
    The session ID in the cookie is of insufficient length and can be brute-forced, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco Analog FM transmitter Affected: 2.12 (EXC5000GX)
    Affected: 2.12 (EXC120GX)
    Affected: 2.11 (EXC300GX)
    Affected: 2.10 (EXC1600GX)
    Affected: 2.10 (EXC2000GX)
    Affected: 2.08 (EXC1600GX)
    Affected: 2.08 (EXC1000GX)
    Affected: 2.07 (EXC3000GX)
    Affected: 2.06 (EXC5000GX)
    Affected: 1.7.7 (EXC30GT)
    Affected: 1.7.4 (EXC300GT)
    Affected: 1.7.4 (EXC100GT)
    Affected: 1.7.4 (EXC5000GT)
    Affected: 1.6.3 (EXC1000GT)
    Affected: 1.5.4 (EXC120GT)
    Sielco Radio Link Affected: 2.06 (RTX19)
    Affected: 2.05 (RTX19)
    Affected: 2.00 (EXC19)
    Affected: 1.60 (RTX19)
    Affected: 1.59 (RTX19)
    Affected: 1.55 (EXC19)
    Date Public
    2023-10-26 16:02

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:30:24.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sielco.org/en/contacts"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42769",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:35.040144Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:22.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Analog FM transmitter",
              "vendor": "Sielco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.12 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.12 (EXC120GX)"
                },
                {
                  "status": "affected",
                  "version": "2.11 (EXC300GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.10 (EXC2000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1600GX)"
                },
                {
                  "status": "affected",
                  "version": "2.08 (EXC1000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.07 (EXC3000GX)"
                },
                {
                  "status": "affected",
                  "version": "2.06 (EXC5000GX)"
                },
                {
                  "status": "affected",
                  "version": "1.7.7 (EXC30GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC300GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC100GT)"
                },
                {
                  "status": "affected",
                  "version": "1.7.4 (EXC5000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.6.3 (EXC1000GT)"
                },
                {
                  "status": "affected",
                  "version": "1.5.4 (EXC120GT)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Link",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.06 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.05 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "2.00 (EXC19)"
                },
                {
                  "status": "affected",
                  "version": "1.60 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.59 (RTX19)"
                },
                {
                  "status": "affected",
                  "version": "1.55 (EXC19)"
                }
              ]
            }
          ],
          "datePublic": "2023-10-26T16:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nThe cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"
                }
              ],
              "value": "The cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T16:15:17.707Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
            },
            {
              "url": "https://www.sielco.org/en/contacts"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sielco Radio Link and Analog FM Transmitters Improper Access Control",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-42769",
        "datePublished": "2023-10-26T16:15:17.707Z",
        "dateReserved": "2023-10-25T15:23:55.536Z",
        "dateUpdated": "2025-01-16T21:28:22.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }