CVE-2023-5702
Published 2023-10-23
CVE-2023-5702: A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the…
Priority P345 | medium | 6.5 (CVSS 3.1)
AV:A / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 14.54% (96.2th percentile)
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| viessmann | vitogate_300 | — | — |
| viessmann | vitogate_300 | — | — |
| viessmann | vitogate_300 | — | — |
| viessmann | vitogate_300 | — | — |
| viessmann | vitogate_300_firmware | <= 2.1.3.0 | — |
CVSS provenance
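| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 3.3 | LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N |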
GHSA
GHSA-782x-9xpx-3gm4: A vulnerability was found in Viessmann Vitogate 300 up to 2
ghsa_unreviewed·2023-10-23
CVE-2023-5702 [MEDIUM] CWE-425 GHSA-782x-9xpx-3gm4: A vulnerability was found in Viessmann Vitogate 300 up to 2
CISA ICS
Viessmann Climate Solutions SE Vitogate 300
cisa_ics·2024-09-10·CVSS 6.3
[MEDIUM] Viessmann Climate Solutions SE Vitogate 300
ICS Advisory
## Viessmann Climate Solutions SE Vitogate 300
Release Date: September 10, 2024
Alert Code: ICSA-24-254-01
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Viessmann Climate Solutions SE
- Equipment: Vitogate 300
- Vulnerabilities: Use of Hard-coded Credentials, Forced Browsing, Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following versions of Viessmann Climate Solutions SE Vitogate 300, a solution to connectin
Suricata
ET EXPLOIT Viessmann Vitogate 300 Command Injection Attempt (CVE-2023-5702)
suricata·2024-03-15·CVSS 4.3
CVE-2023-5702 [MEDIUM] ET EXPLOIT Viessmann Vitogate 300 Command Injection Attempt (CVE-2023-5702)
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Viessmann Vitogate 300 Command Injection Attempt (CVE-2023-5702)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/cgi-bin/vitogate.cgi"; fast_pattern; http.content_type; content:"application/json"; http.request_body; content:"|7b 22|method|22 3a 20 22|put|22 2c 20 22|form|22 3a 20 22|"; startswith; content:"|22 2c 20 22|session|22 3a 20 22|"; within:60; content:"|22 2c 20 22|params|22 3a 20 7b 22|ipaddr|22 3a 20 22|"; within:60; content:"|3b|"; within:50; content:"|22 7d 7d|"; endswith; reference:cve,2023-5702; reference:url,www.exploit-db.com/exploits/51887; classtype:attempted-admin; sid:2051666; rev:1; metadata:affected_pro
- https://github.com/GTA12138/vul/blob/main/Viessmann/Vitogate300_Document_Unauthorized_Access.md
- https://vuldb.com/?ctiid.243140
- https://vuldb.com/?id.243140
Published: 2023-10-23