CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35120 – PiiGAB M-Bus Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-35120
06 Jul 2023 — PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then the device could execute the GET or POST link request. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34433 – PiiGAB M-Bus Use of Password Hash With Insufficient Computational Effort
https://notcve.org/view.php?id=CVE-2023-34433
06 Jul 2023 — PiiGAB M-Bus stores passwords using a weak hash algorithm. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34995 – PiiGAB M-Bus Weak Password Requirements
https://notcve.org/view.php?id=CVE-2023-34995
06 Jul 2023 — There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-521: Weak Password Requirements •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32652 – PiiGAB M-Bus Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-32652
06 Jul 2023 — PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35765 – PiiGAB M-Bus Plaintext Storage of a Password
https://notcve.org/view.php?id=CVE-2023-35765
06 Jul 2023 — PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-256: Plaintext Storage of a Password •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35987 – PiiGAB M-Bus Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2023-35987
06 Jul 2023 — PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31277 – PiiGAB M-Bus Unprotected Transport of Credentials
https://notcve.org/view.php?id=CVE-2023-31277
06 Jul 2023 — PiiGAB M-Bus transmits credentials in plaintext format. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-523: Unprotected Transport of Credentials •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33868 – PiiGAB M-Bus Improper Restriction of Excessive Authentication Attempts
https://notcve.org/view.php?id=CVE-2023-33868
06 Jul 2023 — The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-36859 – PiiGAB M-Bus Code Injection
https://notcve.org/view.php?id=CVE-2023-36859
06 Jul 2023 — PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •