CVE-2023-28718
Published 2023-03-28
Priority: P3 40 | high 8 | CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
0.25%
16.7th percentile
Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| propump_and_controls_inc | osprey_pump_controller | — | — |
| propumpservice | osprey_pump_controller_firmware | — | — |
CISA ICS
ProPump and Controls Osprey Pump Controller (Update A)
cisa_ics·2024-02-08·CVSS 5.5
[MEDIUM] ProPump and Controls Osprey Pump Controller (Update A)
ICS Advisory
## ProPump and Controls Osprey Pump Controller (Update A)
Last Revised: February 08, 2024
Alert Code: ICSA-23-082-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: ProPump and Controls, Inc.
- Equipment: Osprey Pump Controller
- Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use of Hard-coded Password, OS Command Injection, Cross-site Scripting, Authentication Bypass using an Alternate Path or Channel, Cross-Site Request Forgery, Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, retrieve sensitive information, modi
GHSA
GHSA-h56j-23jq-w46f: Osprey Pump Controller version 1
ghsa_unreviewed·2023-03-28
CVE-2023-28718 [HIGH] CWE-352 GHSA-h56j-23jq-w46f: Osprey Pump Controller version 1
Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-03-28
Published