Warning: Undefined array key -1 in /var/app/current/public/handle_configs.php on line 862 Deprecated: strlen(): Passing null to parameter #1 ($string) of type string is deprecated in /var/app/current/public/handle_configs.php on line 870 CVE-2023-4292 - Frauscher FDS101 for FAdC/FAdCi SQL injection vulnerability // For flags

CVE-2023-4292

Frauscher FDS101 for FAdC/FAdCi SQL injection vulnerability

Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (2)
NVD, NVD
CWE (1)
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC (-)
Risk
CVSS Score
5.3 Medium
SSVC
Attend
KEV
-
EPSS
0.0%
Affected Products (-)
Vendors (1)
frauscher
Products (1)
frauscher_diagnostic_system_101
Versions (1)
<= 1.4.24
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (1)
General (1)
Exploits & POcs (-)
Patches (-)
Advisories (-)
Summary
Descriptions

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.

Frauscher Sensortechnik GmbH FDS101 para FAdC/FAdCi v1.4.24 y todas las versiones anteriores son vulnerables a una vulnerabilidad de inyección SQL a través de parámetros manipulados de la interfaz web sin autenticación. La base de datos contiene información de registro limitada y no crítica.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-08-10 CVE Reserved
  • 2023-09-21 CVE Published
  • 2024-09-24 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
Threat Intelligence Resources (0)
Security Advisory details:

Select an advisory to view details here.

Select an exploit to view details here.

References (1)
URL Tag Source
https://https://cert.vde.com/en/advisories/VDE-2023-038 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Frauscher
Search vendor "Frauscher"
 Frauscher Diagnostic System 101
Search vendor "Frauscher" for product "Frauscher Diagnostic System 101"
 <= 1.4.24
Search vendor "Frauscher" for product "Frauscher Diagnostic System 101" and version " <= 1.4.24"
fadc
Affected
Frauscher
Search vendor "Frauscher"
 Frauscher Diagnostic System 101
Search vendor "Frauscher" for product "Frauscher Diagnostic System 101"
 <= 1.4.24
Search vendor "Frauscher" for product "Frauscher Diagnostic System 101" and version " <= 1.4.24"
fadci
Affected