// For flags

CVE-2023-4291

Frauscher FDS101 for FAdC/FAdCi remote code execution vulnerability

Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (3)
NVD, NVD, TN
CWE (1)
CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC (-)
Risk
CVSS Score
9.8 Critical
SSVC
Attend
KEV
-
EPSS
0.0%
Affected Products (-)
Vendors (1)
frauscher
Products (1)
frauscher_diagnostic_system_101
Versions (1)
<= 1.4.24
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (1)
General (1)
vde
Exploits & POcs (-)
Patches (-)
Advisories (-)
Summary
Descriptions

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.

Frauscher Sensortechnik GmbH FDS101 para FAdC/FAdCi v1.4.24 y todas las versiones anteriores son vulnerables a una vulnerabilidad de ejecución remota de código (RCE) a través de parámetros manipulados de la interfaz web sin autenticación. Esto podría provocar un compromiso total del dispositivo FDS101.

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-08-10 CVE Reserved
  • 2023-09-21 CVE Published
  • 2024-09-24 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Threat Intelligence Resources (0)
Security Advisory details:

Select an advisory to view details here.

Select an exploit to view details here.

References (1)
URL Tag Source
https://cert.vde.com/en/advisories/VDE-2023-038 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Frauscher
Search vendor "Frauscher"
 Frauscher Diagnostic System 101
Search vendor "Frauscher" for product "Frauscher Diagnostic System 101"
 <= 1.4.24
Search vendor "Frauscher" for product "Frauscher Diagnostic System 101" and version " <= 1.4.24"
fadc
Affected
Frauscher
Search vendor "Frauscher"
 Frauscher Diagnostic System 101
Search vendor "Frauscher" for product "Frauscher Diagnostic System 101"
 <= 1.4.24
Search vendor "Frauscher" for product "Frauscher Diagnostic System 101" and version " <= 1.4.24"
fadci
Affected