{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-45228","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2023-10-25T15:23:55.527Z","datePublished":"2023-10-26T16:19:41.642Z","dateUpdated":"2025-01-16T21:28:09.489Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Analog FM transmitter","vendor":"Sielco","versions":[{"status":"affected","version":"2.12 (EXC5000GX)"},{"status":"affected","version":"2.12 (EXC120GX)"},{"status":"affected","version":"2.11 (EXC300GX)"},{"status":"affected","version":"2.10 (EXC1600GX)"},{"status":"affected","version":"2.10 (EXC2000GX)"},{"status":"affected","version":"2.08 (EXC1600GX)"},{"status":"affected","version":"2.08 (EXC1000GX)"},{"status":"affected","version":"2.07 (EXC3000GX)"},{"status":"affected","version":"2.06 (EXC5000GX)"},{"status":"affected","version":"1.7.7 (EXC30GT)"},{"status":"affected","version":"1.7.4 (EXC300GT)"},{"status":"affected","version":"1.7.4 (EXC100GT)"},{"status":"affected","version":"1.7.4 (EXC5000GT)"},{"status":"affected","version":"1.6.3 (EXC1000GT)"},{"status":"affected","version":"1.5.4 (EXC120GT)"}]},{"defaultStatus":"unaffected","product":"Radio Link","vendor":"Sielco ","versions":[{"status":"affected","version":"2.06 (RTX19)"},{"status":"affected","version":"2.05 (RTX19)"},{"status":"affected","version":"2.00 (EXC19)"},{"status":"affected","version":"1.60 (RTX19)"},{"status":"affected","version":"1.59 (RTX19)"},{"status":"affected","version":"1.55 (EXC19)"}]}],"datePublic":"2023-10-26T16:02:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"}],"value":"\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284  Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2023-10-26T16:19:41.642Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"},{"url":"https://www.sielco.org/en/contacts"}],"source":{"discovery":"EXTERNAL"},"title":"Sielco Radio Link and Analog FM Transmitters  Improper Access Control","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\">customer support</a>&nbsp;for additional information.\n\n<br>"}],"value":"Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts  for additional information.\n\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:14:19.919Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08","tags":["x_transferred"]},{"url":"https://www.sielco.org/en/contacts","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-16T21:18:55.827236Z","id":"CVE-2023-45228","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-16T21:28:09.489Z"}}]}}