CVE-2023-0451
HIGH
Econolite EOS < 3.2.23 - Unauthenticated Sensitive Information Exposure via Log and Configuration Files
Title source: llm
Description
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians.
References (1)
Core References
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-02
Scores
CVSS v3
7.5
EPSS
0.0083
EPSS Percentile
52.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
econolite/eos
Published
Jan 26, 2023
Tracked Since
Feb 18, 2026