{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-46663","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2023-10-24T16:27:17.282Z","datePublished":"2023-10-26T20:02:24.004Z","dateUpdated":"2025-01-16T21:27:13.130Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"PolyEco1000","vendor":"Sielco ","versions":[{"status":"affected","version":"CPU:2.0.6 FPGA:10.19"},{"status":"affected","version":"CPU:1.9.4 FPGA:10.19"},{"status":"affected","version":"CPU:1.9.3 FPGA:10.19"},{"status":"affected","version":"CPU:1.7.0 FPGA:10.16"},{"status":"affected","version":"CPU:2.0.2 FPGA:10.19"},{"status":"affected","version":"CPU:2.0.0 FPGA:10.19"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Gjoko Krstic"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<p></p>\n\n<p></p>\n\n<p>Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.</p>\n\n"}],"value":"\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\n\n\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2023-10-26T20:02:24.004Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"}],"source":{"discovery":"UNKNOWN"},"title":"Improper Access Control in Sielco PolyEco1000","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:53:20.652Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-16T21:20:39.161131Z","id":"CVE-2023-46663","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-16T21:27:13.130Z"}}]}}