
CVE-2023-29125 – Heap overflow in CM_main.exe binary in Enel X JuiceBox
https://notcve.org/view.php?id=CVE-2023-29125
05 Nov 2024 — A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700. • https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf • CWE-122: Heap-based Buffer Overflow

CVE-2023-29122 – Incorrect file ownership of privileged service's libraries in Enel X JuiceBox
https://notcve.org/view.php?id=CVE-2023-29122
05 Nov 2024 — Under certain conditions, access to service libraries is granted to accounts that should not have access to them. • https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf • CWE-708: Incorrect Ownership Assignment

CVE-2023-29121 – Exposed TCF agent service in Enel X Juicebox
https://notcve.org/view.php?id=CVE-2023-29121
05 Nov 2024 — Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system. • https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf • CWE-284: Improper Access Control

CVE-2023-29120 – Unauthorized Remote Command Execution in Enel X Juicebox
https://notcve.org/view.php?id=CVE-2023-29120
05 Nov 2024 — Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system. • https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-29119 – Unauthorized SQLite Injection
https://notcve.org/view.php?id=CVE-2023-29119
05 Nov 2024 — Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php. • https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-29118 – Unauthorized SQLite Injection in Enel X Juicebox
https://notcve.org/view.php?id=CVE-2023-29118
05 Nov 2024 — Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php. • https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-29117 – Authentication Bypass in JuiceBox Web Manager interface
https://notcve.org/view.php?id=CVE-2023-29117
05 Nov 2024 — Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system. • https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf • CWE-287: Improper Authentication