{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-41966","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2023-10-25T15:23:55.519Z","datePublished":"2023-10-26T16:21:56.412Z","dateUpdated":"2025-01-16T21:28:02.298Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Analog FM transmitter","vendor":"Sielco","versions":[{"status":"affected","version":"2.12 (EXC5000GX)"},{"status":"affected","version":"2.12 (EXC120GX)"},{"status":"affected","version":"2.11 (EXC300GX)"},{"status":"affected","version":"2.10 (EXC1600GX)"},{"status":"affected","version":"2.10 (EXC2000GX)"},{"status":"affected","version":"2.08 (EXC1600GX)"},{"status":"affected","version":"2.08 (EXC1000GX)"},{"status":"affected","version":"2.07 (EXC3000GX)"},{"status":"affected","version":"2.06 (EXC5000GX)"},{"status":"affected","version":"1.7.7 (EXC30GT)"},{"status":"affected","version":"1.7.4 (EXC300GT)"},{"status":"affected","version":"1.7.4 (EXC100GT)"},{"status":"affected","version":"1.7.4 (EXC5000GT)"},{"status":"affected","version":"1.6.3 (EXC1000GT)"},{"status":"affected","version":"1.5.4 (EXC120GT)"}]},{"defaultStatus":"unaffected","product":"Radio Link","vendor":"Sielco ","versions":[{"status":"affected","version":"2.06 (RTX19)"},{"status":"affected","version":"2.05 (RTX19)"},{"status":"affected","version":"2.00 (EXC19)"},{"status":"affected","version":"1.60 (RTX19)"},{"status":"affected","version":"1.59 (RTX19)"},{"status":"affected","version":"1.55 (EXC19)"}]}],"datePublic":"2023-10-26T16:02:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"}],"value":"\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-267","description":"CWE-267 Privilege Defined With Unsafe Actions","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2023-10-26T16:21:56.412Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"},{"url":"https://www.sielco.org/en/contacts"}],"source":{"discovery":"EXTERNAL"},"title":"Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\">customer support</a>&nbsp;for additional information.\n\n<br>"}],"value":"Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts  for additional information.\n\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:09:49.582Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08","tags":["x_transferred"]},{"url":"https://www.sielco.org/en/contacts","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-16T21:18:51.607180Z","id":"CVE-2023-41966","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-16T21:28:02.298Z"}}]}}