CVE-2023-24501

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-24501
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.gov.il/en/Departments/faq/cve_advisories Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:electra-air:central_ac_unit_firmware:v4:*:*:*:*:*:*:*
cpe:2.3:o:electra-air:central_ac_unit_firmware:v5:*:*:*:*:*:*:*
cpe:2.3:h:electra-air:central_ac_unit:-:*:*:*:*:*:*:*
History

27 Apr 2023, 20:14

Type Values Removed Values Added
CPE cpe:2.3:o:electra-air:central_ac_unit_firmware:v4:*:*:*:*:*:*:*
cpe:2.3:h:electra-air:central_ac_unit:-:*:*:*:*:*:*:*
cpe:2.3:o:electra-air:central_ac_unit_firmware:v5:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-798
References (MISC) https://www.gov.il/en/Departments/faq/cve_advisories - (MISC) https://www.gov.il/en/Departments/faq/cve_advisories - Third Party Advisory

18 Apr 2023, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-17 22:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-24501

Mitre link : CVE-2023-24501

CVE.ORG link : CVE-2023-24501

JSON object : View

Products Affected

electra-air

  • central_ac_unit
  • central_ac_unit_firmware
CWE
CWE-798

Use of Hard-coded Credentials