CVE-2023-28375

Summary

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

Affected Software

VendorProductVersion RangeStatus
ProPump and Controls, Inc.Osprey Pump Controller1.01affected

Weaknesses

  • CWE-598 Use of GET Request Method With Sensitive Query Strings

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References