CVE-2023-35120 – PiiGAB M-Bus Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-35120
PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then the device could execute the GET or POST link request.
• https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-34433 – PiiGAB M-Bus Use of Password Hash With Insufficient Computational Effort
https://notcve.org/view.php?id=CVE-2023-34433
PiiGAB M-Bus stores passwords using a weak hash algorithm.
• https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01
• CWE-916: Use of Password Hash With Insufficient Computational Effort
CVE-2023-34995 – PiiGAB M-Bus Weak Password Requirements
https://notcve.org/view.php?id=CVE-2023-34995
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is in line with recommended password guidelines.
• https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01
• CWE-521: Weak Password Requirements
CVE-2023-32652 – PiiGAB M-Bus Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-32652
PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks.
• https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-35765 – PiiGAB M-Bus Plaintext Storage of a Password
https://notcve.org/view.php?id=CVE-2023-35765
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.
• https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01
• CWE-256: Plaintext Storage of a Password