Vulnerability Details CVE-2023-0897
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.9%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-0897
-
cpe:2.3:h:sielco:polyeco1000:-
-
cpe:2.3:h:sielco:polyeco300:-
-
cpe:2.3:h:sielco:polyeco500:-
-
cpe:2.3:o:sielco:polyeco1000_firmware:1.9.3
-
cpe:2.3:o:sielco:polyeco1000_firmware:1.9.4
-
cpe:2.3:o:sielco:polyeco1000_firmware:10.19
-
cpe:2.3:o:sielco:polyeco1000_firmware:2.0.6
-
cpe:2.3:o:sielco:polyeco300_firmware:10.19
-
cpe:2.3:o:sielco:polyeco300_firmware:2.0.0
-
cpe:2.3:o:sielco:polyeco300_firmware:2.0.2
-
cpe:2.3:o:sielco:polyeco500_firmware:1.7.0
-
cpe:2.3:o:sielco:polyeco500_firmware:10.16