{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-0451","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2023-01-23T18:19:27.265Z","datePublished":"2023-01-26T20:37:53.380Z","dateUpdated":"2025-01-16T21:59:03.789Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"EOS","vendor":"Econolite","versions":[{"lessThan":"3.2.23","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Rustam Amin"},{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Rustam Amin"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Econolite EOS versions prior to 3.2.23 lack a password\nrequirement for gaining “READONLY” access to log files and certain database and\nconfiguration files. One such file contains tables with MD5 hashes and\nusernames for all defined users in the control software, including\nadministrators and technicians.</p>\n\n\n\n\n\n"}],"value":"Econolite EOS versions prior to 3.2.23 lack a password\nrequirement for gaining “READONLY” access to log files and certain database and\nconfiguration files. One such file contains tables with MD5 hashes and\nusernames for all defined users in the control software, including\nadministrators and technicians.\n\n\n\n\n\n\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2023-06-20T15:37:19.367Z"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-02"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:10:56.170Z"},"title":"CVE Program Container","references":[{"tags":["government-resource","x_transferred"],"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-02"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-16T20:57:04.944910Z","id":"CVE-2023-0451","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-16T21:59:03.789Z"}}]}}