{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-45317","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2023-10-25T15:23:55.532Z","datePublished":"2023-10-26T16:17:37.365Z","dateUpdated":"2025-01-16T21:28:15.955Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Analog FM transmitter","vendor":"Sielco","versions":[{"status":"affected","version":"2.12 (EXC5000GX)"},{"status":"affected","version":"2.12 (EXC120GX)"},{"status":"affected","version":"2.11 (EXC300GX)"},{"status":"affected","version":"2.10 (EXC1600GX)"},{"status":"affected","version":"2.10 (EXC2000GX)"},{"status":"affected","version":"2.08 (EXC1600GX)"},{"status":"affected","version":"2.08 (EXC1000GX)"},{"status":"affected","version":"2.07 (EXC3000GX)"},{"status":"affected","version":"2.06 (EXC5000GX)"},{"status":"affected","version":"1.7.7 (EXC30GT)"},{"status":"affected","version":"1.7.4 (EXC300GT)"},{"status":"affected","version":"1.7.4 (EXC100GT)"},{"status":"affected","version":"1.7.4 (EXC5000GT)"},{"status":"affected","version":"1.6.3 (EXC1000GT)"},{"status":"affected","version":"1.5.4 (EXC120GT)"}]},{"defaultStatus":"unaffected","product":"Radio Link","vendor":"Sielco ","versions":[{"status":"affected","version":"2.06 (RTX19)"},{"status":"affected","version":"2.05 (RTX19)"},{"status":"affected","version":"2.00 (EXC19)"},{"status":"affected","version":"1.60 (RTX19)"},{"status":"affected","version":"1.59 (RTX19)"},{"status":"affected","version":"1.55 (EXC19)"}]}],"datePublic":"2023-10-26T16:02:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. 
This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"}],"value":"\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-352","description":"CWE-352 Cross-Site Request Forgery","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2023-10-26T16:17:37.365Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"},{"url":"https://www.sielco.org/en/contacts"}],"source":{"discovery":"EXTERNAL"},"title":"Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\">customer support</a>&nbsp;for additional information.\n\n<br>"}],"value":"Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. 
Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support at https://www.sielco.org/en/contacts for additional information.\n\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:21:15.390Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08","tags":["x_transferred"]},{"url":"https://www.sielco.org/en/contacts","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-16T21:20:07.199578Z","id":"CVE-2023-45317","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-16T21:28:15.955Z"}}]}}