CVE-2023-28718

Published Mar 28, 2023

Last updated a year ago

Overview

Description: Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 8
Impact score: 5.9
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-352

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:propumpservice:osprey_pump_controller_firmware:1.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B10E95-86EC-4C15-83B4-73B7384A5C43"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:propumpservice:osprey_pump_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "16780CFE-7F41-4A59-8C5C-CFB6AA7D22E3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References