CVE-2023-45912

HIGH

WIPOTEC GmbH ComScale <4.4.12.723 - Info Disclosure

Title source: llm

Description

WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/file_access.txt

View Exploit ZIP pw:eip

Various Sources

https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-45912

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0013

EPSS Percentile 31.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (2)

wipotec/comscale 4.3.29.21344

wipotec/comscale 4.4.12.723

Published Oct 18, 2023

Tracked Since Feb 18, 2026