Vulnerabilities > CVE-2023-25183 - Unspecified vulnerability in Snapone Orvc
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 | |
Hardware | 1 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
- https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-r.pdf
- https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-r.pdf