CVE-2023-5846
Published 2023-11-02
Priority P263 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.28% (20.1th percentile)
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| franklin_fueling_system | ts-550 | < 1.9.23.8960 | 1.9.23.8960 |
| franklinfueling | ts-550_evo_firmware | < 1.9.23.8960 | 1.9.23.8960 |
Detection & IOCs
- Public Proof of Concept (PoC) exploit exists on Exploit-DB for CVE-2023-5846, authored by Parsa Rezaie Khiabanloo — search Exploit-DB for TS-550 credential decode PoC to obtain specific signatures.
- Target detection on unauthenticated remote access attempts to Franklin Fueling System TS-550 devices running firmware versions prior to 1.9.23.8960; exploitation requires no authentication and low complexity over the network.
- CVSS vector indicates network-accessible, no-auth, no-interaction exploit path — alert on any external network connections to TS-550 management interfaces.
- All TS-550 firmware versions prior to 1.9.23.8960 are affected; patched version is exactly 1.9.23.8960 — use firmware version fingerprinting to identify vulnerable devices.
- The vulnerability class is CWE-916 (Use of Password Hash with Insufficient Computational Effort), meaning admin credential hashes stored or transmitted by the device can be decoded — detection should focus on credential exposure rather than brute-force patterns.
CISA ICS
Franklin Fueling System TS-550
cisa_ics·2023-11-02·CVSS 8.3
[HIGH] Franklin Fueling System TS-550
ICS Advisory
## Franklin Fueling System TS-550
Release Date: November 02, 2023
Alert Code: ICSA-23-306-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.3
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Franklin Fueling System
- Equipment: TS-550
- Vulnerability: Use of Password Hash with Insufficient Computational Effort
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access the device and gain unauthenticated access.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Franklin Fueling System TS-550 are affected:
- TS-550: All versions prior to 1.9.23.8960
## 3.2 Vulnerability Overview
3.2.1 USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTA
GHSA
GHSA-85rp-m9xf-h964: Franklin Fueling System TS-550 versions prior to 1
ghsa_unreviewed·2023-11-02
CVE-2023-5846 [HIGH] CWE-916 GHSA-85rp-m9xf-h964: Franklin Fueling System TS-550 versions prior to 1
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-11-02
Published