CVE-2023-28654
Last modified
CVE-2023-28654 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through any normal operation of the device.. EPSS estimates a 0.77% chance of exploitation in the next 30 days.
Description
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through any normal operation of the device.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Propumpservice | Osprey Pump Controller Firmware | 1.01 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06Third Party Advisory, US Government Resource
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-28654?
How severe is CVE-2023-28654?
How do I fix CVE-2023-28654?
Are you affected by CVE-2023-28654?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST