Uc 500E Firmware
CVE-2023-50705
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An attacker could create malicious requests to obtain sensitive information about the web server.
AnalysisAI
An attacker could create malicious requests to obtain sensitive information about the web server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An attacker could create malicious requests to obtain sensitive information about the web server. Affected products include: Efacec Uc 500E Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Uc 500E Firmware
View allAn attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and c
An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gai
A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the runn
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today