Vulnerability Details CVE-2023-35120
PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then the device could execute the GET or POST link request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.7%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-35120
-
cpe:2.3:h:piigab:m-bus_900s:-
-
cpe:2.3:o:piigab:m-bus_900s_firmware:-