CVE-2023-46663

Summary

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

Affected Software

VendorProductVersion RangeStatus
SielcoPolyEco1000CPU:2.0.6 FPGA:10.19affected
SielcoPolyEco1000CPU:1.9.4 FPGA:10.19affected
SielcoPolyEco1000CPU:1.9.3 FPGA:10.19affected
SielcoPolyEco1000CPU:1.7.0 FPGA:10.16affected
SielcoPolyEco1000CPU:2.0.2 FPGA:10.19affected
SielcoPolyEco1000CPU:2.0.0 FPGA:10.19affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References