CVE-2023-35987 – PiiGAB M-Bus Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2023-35987
PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-798: Use of Hard-coded Credentials •
CVE-2023-31277 – PiiGAB M-Bus Unprotected Transport of Credentials
https://notcve.org/view.php?id=CVE-2023-31277
PiiGAB M-Bus transmits credentials in plaintext format. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-523: Unprotected Transport of Credentials •
CVE-2023-33868 – PiiGAB M-Bus Improper Restriction of Excessive Authentication Attempts
https://notcve.org/view.php?id=CVE-2023-33868
The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2023-36859 – PiiGAB M-Bus Code Injection
https://notcve.org/view.php?id=CVE-2023-36859
PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •