CVE-2023-2003

Summary

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.

Affected Software

VendorProductVersion RangeStatus
UnitronicsVision12104.3, build 5affected

Weaknesses

  • CWE-506: CWE-506: Embedded Malicious Code

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References