Vulnerability Details : CVE-2023-40707
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.
Products affected by CVE-2023-40707
- cpe:2.3:o:opto22:snap_pac_s1_firmware:r10.3b:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-40707
- EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
- Percentile: ~22% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-40707
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | 3.9 | 4.0 | Dragos, Inc. | |
CWE ids for CVE-2023-40707
- The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
  Assigned by:
  - nvd@nist.gov (Primary)
  - ot-cert@dragos.com (Secondary)
References for CVE-2023-40707
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02
  OPTO 22 SNAP PAC S1 | CISA (Third Party Advisory; US Government Resource)