CVE-2023-45317
HIGHSielco Analog FM Transmitter Firmware - Cross-Site Request Forgery
Title source: llmDescription
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08
Scores
CVSS v3
8.8
EPSS
0.0024
EPSS Percentile
14.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-352
Status
published
Products (15)
sielco/analog_fm_transmitter_exc1000gt_firmware
sielco/analog_fm_transmitter_exc1000gx_firmware
sielco/analog_fm_transmitter_exc100gt_firmware
sielco/analog_fm_transmitter_exc120gt_firmware
sielco/analog_fm_transmitter_exc120gx_firmware
sielco/analog_fm_transmitter_exc1600gx_firmware
sielco/analog_fm_transmitter_exc2000gx_firmware
sielco/analog_fm_transmitter_exc3000gx_firmware
sielco/analog_fm_transmitter_exc300gt_firmware
sielco/analog_fm_transmitter_exc300gx_firmware
... and 5 more
Published
Oct 26, 2023
Tracked Since
Feb 18, 2026