Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for polyeco1000_firmware by sielco

    CVE-2023-46665 (GCVE-0-2023-46665)

    Vulnerability from nvd – Published: 2023-10-26 20:08 – Updated: 2025-01-16 21:26
    VLAI
    Title
    Improper Access Control in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.790Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46665",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:24.780289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:26:57.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\u003c/p\u003e\u003cbr\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T20:08:22.908Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46665",
        "datePublished": "2023-10-26T20:08:22.908Z",
        "dateReserved": "2023-10-24T16:27:17.282Z",
        "dateUpdated": "2025-01-16T21:26:57.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46664 (GCVE-0-2023-46664)

    Vulnerability from nvd – Published: 2023-10-26 20:04 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Improper Access Control in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46664",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:36.232976Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:05.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T20:04:33.638Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46664",
        "datePublished": "2023-10-26T20:04:33.638Z",
        "dateReserved": "2023-10-24T16:27:17.282Z",
        "dateUpdated": "2025-01-16T21:27:05.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46663 (GCVE-0-2023-46663)

    Vulnerability from nvd – Published: 2023-10-26 20:02 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Improper Access Control in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:39.161131Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:13.130Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\u003c/p\u003e\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T20:02:24.004Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46663",
        "datePublished": "2023-10-26T20:02:24.004Z",
        "dateReserved": "2023-10-24T16:27:17.282Z",
        "dateUpdated": "2025-01-16T21:27:13.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5754 (GCVE-0-2023-5754)

    Vulnerability from nvd – Published: 2023-10-26 19:47 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.658Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5754",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:31.175439Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:38.467Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": " Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
                }
              ],
              "value": "\n\n\n\n\nSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T19:47:06.226Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-5754",
        "datePublished": "2023-10-26T19:47:06.226Z",
        "dateReserved": "2023-10-24T16:24:16.565Z",
        "dateUpdated": "2025-01-16T21:27:38.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46662 (GCVE-0-2023-46662)

    Vulnerability from nvd – Published: 2023-10-26 20:00 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Improper Access Control in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46662",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:42.009994Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:22.856Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
                }
              ],
              "value": "\n\n\n\n\nSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T20:00:05.085Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46662",
        "datePublished": "2023-10-26T20:00:05.085Z",
        "dateReserved": "2023-10-24T16:27:17.282Z",
        "dateUpdated": "2025-01-16T21:27:22.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46661 (GCVE-0-2023-46661)

    Vulnerability from nvd – Published: 2023-10-26 19:57 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Improper Access Control in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:21.079Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46661",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:27.511840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:31.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\u003c/p\u003e\u003cbr\u003e\n\n"
                }
              ],
              "value": "\nSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T19:57:12.046Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46661",
        "datePublished": "2023-10-26T19:57:12.046Z",
        "dateReserved": "2023-10-24T16:27:17.281Z",
        "dateUpdated": "2025-01-16T21:27:31.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0897 (GCVE-0-2023-0897)

    Vulnerability from nvd – Published: 2023-10-26 19:44 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Session FIxation in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:24:34.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0897",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:00.626921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:45.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": " Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\u003c/p\u003e\u003cbr\u003e\n\n"
                }
              ],
              "value": "\nSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T19:44:01.703Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Session FIxation in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-0897",
        "datePublished": "2023-10-26T19:44:01.703Z",
        "dateReserved": "2023-02-17T21:23:31.932Z",
        "dateUpdated": "2025-01-16T21:27:45.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46665 (GCVE-0-2023-46665)

    Vulnerability from cvelistv5 – Published: 2023-10-26 20:08 – Updated: 2025-01-16 21:26
    VLAI
    Title
    Improper Access Control in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.790Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46665",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:24.780289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:26:57.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\u003c/p\u003e\u003cbr\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T20:08:22.908Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46665",
        "datePublished": "2023-10-26T20:08:22.908Z",
        "dateReserved": "2023-10-24T16:27:17.282Z",
        "dateUpdated": "2025-01-16T21:26:57.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46664 (GCVE-0-2023-46664)

    Vulnerability from cvelistv5 – Published: 2023-10-26 20:04 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Improper Access Control in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46664",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:36.232976Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:05.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T20:04:33.638Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46664",
        "datePublished": "2023-10-26T20:04:33.638Z",
        "dateReserved": "2023-10-24T16:27:17.282Z",
        "dateUpdated": "2025-01-16T21:27:05.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46663 (GCVE-0-2023-46663)

    Vulnerability from cvelistv5 – Published: 2023-10-26 20:02 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Improper Access Control in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:39.161131Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:13.130Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\u003c/p\u003e\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T20:02:24.004Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46663",
        "datePublished": "2023-10-26T20:02:24.004Z",
        "dateReserved": "2023-10-24T16:27:17.282Z",
        "dateUpdated": "2025-01-16T21:27:13.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46662 (GCVE-0-2023-46662)

    Vulnerability from cvelistv5 – Published: 2023-10-26 20:00 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Improper Access Control in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46662",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:42.009994Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:22.856Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
                }
              ],
              "value": "\n\n\n\n\nSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T20:00:05.085Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46662",
        "datePublished": "2023-10-26T20:00:05.085Z",
        "dateReserved": "2023-10-24T16:27:17.282Z",
        "dateUpdated": "2025-01-16T21:27:22.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46661 (GCVE-0-2023-46661)

    Vulnerability from cvelistv5 – Published: 2023-10-26 19:57 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Improper Access Control in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:21.079Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46661",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:27.511840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:31.395Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\u003c/p\u003e\u003cbr\u003e\n\n"
                }
              ],
              "value": "\nSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T19:57:12.046Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Access Control in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-46661",
        "datePublished": "2023-10-26T19:57:12.046Z",
        "dateReserved": "2023-10-24T16:27:17.281Z",
        "dateUpdated": "2025-01-16T21:27:31.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5754 (GCVE-0-2023-5754)

    Vulnerability from cvelistv5 – Published: 2023-10-26 19:47 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.658Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5754",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:31.175439Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:38.467Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": " Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
                }
              ],
              "value": "\n\n\n\n\nSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\n\n\n\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T19:47:06.226Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-5754",
        "datePublished": "2023-10-26T19:47:06.226Z",
        "dateReserved": "2023-10-24T16:24:16.565Z",
        "dateUpdated": "2025-01-16T21:27:38.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0897 (GCVE-0-2023-0897)

    Vulnerability from cvelistv5 – Published: 2023-10-26 19:44 – Updated: 2025-01-16 21:27
    VLAI
    Title
    Session FIxation in Sielco PolyEco1000
    Summary
    Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sielco PolyEco1000 Affected: CPU:2.0.6 FPGA:10.19
    Affected: CPU:1.9.4 FPGA:10.19
    Affected: CPU:1.9.3 FPGA:10.19
    Affected: CPU:1.7.0 FPGA:10.16
    Affected: CPU:2.0.2 FPGA:10.19
    Affected: CPU:2.0.0 FPGA:10.19
    Create a notification for this product.
    Credits
    Gjoko Krstic
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:24:34.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0897",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:00.626921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:27:45.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PolyEco1000",
              "vendor": "Sielco ",
              "versions": [
                {
                  "status": "affected",
                  "version": "CPU:2.0.6 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.4 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.9.3 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:1.7.0 FPGA:10.16"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.2 FPGA:10.19"
                },
                {
                  "status": "affected",
                  "version": "CPU:2.0.0 FPGA:10.19"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": " Gjoko Krstic"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\u003c/p\u003e\u003cbr\u003e\n\n"
                }
              ],
              "value": "\nSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\n\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-26T19:44:01.703Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Session FIxation in Sielco PolyEco1000",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-0897",
        "datePublished": "2023-10-26T19:44:01.703Z",
        "dateReserved": "2023-02-17T21:23:31.932Z",
        "dateUpdated": "2025-01-16T21:27:45.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }