CVE-2023-45317

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08	Third Party Advisory US Government Resource
https://www.sielco.org/en/contacts	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08	Third Party Advisory US Government Resource
https://www.sielco.org/en/contacts	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.12:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc120gx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc120gx:2.12:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc300gx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc300gx:2.11:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.10:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc2000gx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc2000gx:2.10:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.08:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gx:2.08:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc3000gx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc3000gx:2.07:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.06:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc30gt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc30gt:1.7.7:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc300gt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc300gt:1.7.4:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc100gt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc100gt:1.7.4:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gt:1.7.4:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gt:1.6.3:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:sielco:analog_fm_transmitter_exc120gt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:analog_fm_transmitter_exc120gt:1.5.4:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:radio_link_rtx19:2.06:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:radio_link_rtx19:2.05:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:radio_link_exc19:2.00:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:radio_link_rtx19:1.60:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:sielco:radio_link_rtx19_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:radio_link_rtx19:1.59:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:sielco:radio_link_exc19_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sielco:radio_link_exc19:1.55:*:*:*:*:*:*:*

History

21 Nov 2024, 08:26

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-26 17:15

Updated : 2024-11-21 08:26

NVD link : CVE-2023-45317

Mitre link : CVE-2023-45317

CVE.ORG link : CVE-2023-45317

JSON object : View

Products Affected

sielco

analog_fm_transmitter_exc300gx_firmware
radio_link_exc19_firmware
analog_fm_transmitter_exc100gt_firmware
analog_fm_transmitter_exc1000gt
radio_link_rtx19_firmware
analog_fm_transmitter_exc300gx
analog_fm_transmitter_exc1600gx_firmware
analog_fm_transmitter_exc5000gx
analog_fm_transmitter_exc2000gx_firmware
analog_fm_transmitter_exc5000gt
analog_fm_transmitter_exc120gt_firmware
radio_link_rtx19
analog_fm_transmitter_exc1000gx
analog_fm_transmitter_exc300gt_firmware
analog_fm_transmitter_exc1000gx_firmware
analog_fm_transmitter_exc1000gt_firmware
analog_fm_transmitter_exc5000gx_firmware
analog_fm_transmitter_exc3000gx_firmware
analog_fm_transmitter_exc120gx_firmware
analog_fm_transmitter_exc100gt
analog_fm_transmitter_exc5000gt_firmware
analog_fm_transmitter_exc120gx
analog_fm_transmitter_exc3000gx
analog_fm_transmitter_exc2000gx
radio_link_exc19
analog_fm_transmitter_exc30gt
analog_fm_transmitter_exc120gt
analog_fm_transmitter_exc30gt_firmware
analog_fm_transmitter_exc300gt
analog_fm_transmitter_exc1600gx

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

8.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2023-45317

8.8^/10

Attach tags to `CVE-2023-45317`