Vulnerability Description
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deltaww | Dx-2100L1-Cn Firmware | < 1.5.0.12 |
| Deltaww | Dx-2100L1-Cn | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-033-05PatchThird Party AdvisoryUS Government Resource
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-033-05PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2023-0432?
CVE-2023-0432 is a vulnerability with a CVSS score of 9.0 (CRITICAL). The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device ...
How severe is CVE-2023-0432?
CVE-2023-0432 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-0432?
Check the references section above for vendor advisories and patch information. Affected products include: Deltaww Dx-2100L1-Cn Firmware, Deltaww Dx-2100L1-Cn.