CVE-2023-4292 - Vulnerability Details - OpenCVE

ReportizFlow

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Frauscher	Frauscher Diagnostic System 101

Configuration 1 [-]

OR	cpe:2.3:a:frauscher:frauscher_diagnostic_system_101::::::fadc::*
	cpe:2.3:a:frauscher:frauscher_diagnostic_system_101::::::fadci::*

No data.

References

Link	Providers
https://https://cert.vde.com/en/advisories/VDE-2023-038

History

Tue, 24 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-09-21T06:18:43.430Z

Updated: 2024-09-24T18:18:27.494Z

Reserved: 2023-08-10T12:36:11.727Z

Link: CVE-2023-4292

Vulnrichment

Updated: 2024-08-02T07:24:03.692Z

NVD

Status : Modified

Published: 2023-09-21T07:15:19.817

Modified: 2024-11-21T08:34:47.827

Link: CVE-2023-4292

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4292", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-08-10T12:36:11.727Z", "datePublished": "2023-09-21T06:18:43.430Z", "dateUpdated": "2024-09-24T18:18:27.494Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FDS101 for FAdC/FAdCi", "vendor": "Frauscher", "versions": [{"lessThanOrEqual": "1.4.24", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2023-09-21T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.<br></div><br>"}], "value": "Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-09-21T06:18:43.430Z"}, "references": [{"url": "https://https://cert.vde.com/en/advisories/VDE-2023-038"}], "source": {"discovery": "UNKNOWN"}, "title": "Frauscher FDS101 for FAdC/FAdCi SQL injection vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:03.692Z"}, "title": "CVE Program Container", "references": [{"url": "https://https://cert.vde.com/en/advisories/VDE-2023-038", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T18:18:17.024082Z", "id": "CVE-2023-4292", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:18:27.494Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://https://cert.vde.com/en/advisories/VDE-2023-038", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:03.692Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4292", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T18:18:17.024082Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:18:23.312Z"}}], "cna": {"title": "Frauscher FDS101 for FAdC/FAdCi SQL injection vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Frauscher", "product": "FDS101 for FAdC/FAdCi", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.4.24"}], "defaultStatus": "unaffected"}], "datePublic": "2023-09-21T06:00:00.000Z", "references": [{"url": "https://https://cert.vde.com/en/advisories/VDE-2023-038"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<div>Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.<br></div><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-09-21T06:18:43.430Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4292", "state": "PUBLISHED", "dateUpdated": "2024-09-24T18:18:27.494Z", "dateReserved": "2023-08-10T12:36:11.727Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2023-09-21T06:18:43.430Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_101:*:*:*:*:*:fadc:*:*", "matchCriteriaId": "8C27C13A-FDC8-4E2C-A4E0-324A29040DC5", "versionEndIncluding": "1.4.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_101:*:*:*:*:*:fadci:*:*", "matchCriteriaId": "65E1CCBA-51DB-439D-951F-1EC97EB9E58D", "versionEndIncluding": "1.4.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.\n\n\n\n"}, {"lang": "es", "value": "Frauscher Sensortechnik GmbH FDS101 para FAdC/FAdCi v1.4.24 y todas las versiones anteriores son vulnerables a una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de par\u00e1metros manipulados de la interfaz web sin autenticaci\u00f3n. La base de datos contiene informaci\u00f3n de registro limitada y no cr\u00edtica."}], "id": "CVE-2023-4292", "lastModified": "2024-11-21T08:34:47.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2023-09-21T07:15:19.817", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://https://cert.vde.com/en/advisories/VDE-2023-038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://https://cert.vde.com/en/advisories/VDE-2023-038"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Primary"}]}