Multiple vulnerabilities in Atlas Copco Power Focus 6000
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2023-1897 CVE-2023-1898 CVE-2023-1899 |
| CWE-ID | CWE-312 CWE-334 CWE-319 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Power Focus 6000 Hardware solutions / Other hardware appliances |
| Vendor | Atlas Copco |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Cleartext storage of sensitive information
EUVDB-ID: #VU77108
Risk: Medium
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-1897
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to cleartext storage of sensitive information. A remote attacker can gain credential information of the controller.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPower Focus 6000: All versions
CPE2.3 External linkshttp://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Small Space of Random Values
EUVDB-ID: #VU77109
Risk: Medium
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-1898
CWE-ID:
CWE-334 - Small Space of Random Values
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected application uses a small amount of session Id numbers. A remote attacker can enter a session Id number to retrieve data for an active user’s session.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPower Focus 6000: All versions
CPE2.3 External linkshttp://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cleartext transmission of sensitive information
EUVDB-ID: #VU77110
Risk: Medium
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-1899
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPower Focus 6000: All versions
CPE2.3 External linkshttp://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
