CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-28398

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor who successfully exploits this vulnerability could gain access to the pump controller and cause disruption in operation, modify data, or shut down the controller.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.2%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06
https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06

Products affected by CVE-2023-28398

Propumpservice » Osprey Pump Controller » Version: N/A

cpe:2.3:h:propumpservice:osprey_pump_controller:-
Propumpservice » Osprey Pump Controller Firmware » Version: 1.01

cpe:2.3:o:propumpservice:osprey_pump_controller_firmware:1.01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28398

Products

Pricing

Contact Us