CVE-2023-28718

HIGH

Osprey Pump Controller <1.01 - CSRF

Title source: llm

Description

Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.

References (1)

Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06

Scores

CVSS v3 7.1
EPSS 0.0025
EPSS Percentile 16.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-352
Status published
Products (1)
propumpservice/osprey_pump_controller_firmware 1.01
Published Mar 28, 2023
Tracked Since Feb 18, 2026