CVE-2023-43775 Vulnerability Details

  /     /     /  

CVE-2023-43775 Metadata Quick Info

CVE Published: 26/09/2023 | CVE Updated: 24/09/2024 | CVE Year: 2023
Source: Eaton | Vendor: Eaton | Product: SMP SG-4260
Status : PUBLISHED

CVE-2023-43775 Description

Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore.

Metrics

CVSS Version: 3.1 | Base Score: 4.7 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-400
CWE Name: CWE-400: Uncontrolled Resource Consumption
Source: Eaton

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).