Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IO's devices.
History

Thu, 17 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Connectedio connected Io
CPEs cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*
Vendors & Products Connectedio connected Io
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-04T00:00:00

Updated: 2024-10-17T15:16:20.577Z

Reserved: 2023-05-22T00:00:00

Link: CVE-2023-33379

cve-icon Vulnrichment

Updated: 2024-08-02T15:47:05.195Z

cve-icon NVD

Status : Modified

Published: 2023-08-04T18:15:12.937

Modified: 2024-11-21T08:05:31.147

Link: CVE-2023-33379

cve-icon Redhat

No data.