Vulnerabilities > CVE-2023-28610 - Unspecified vulnerability in Omicronenergy Stationguard and Stationscout

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

omicronenergy

critical

NVD

Published: 2023-03-23

Updated: 2023-03-27

Summary

The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access to the system.

Vulnerable Configurations

Part	Description	Count
Application	Omicronenergy Omicronenergy Stationguard - Omicronenergy Stationguard 1.10 Omicronenergy Stationguard 2.20 Omicronenergy Stationscout 1.30 Omicronenergy Stationscout 2.20	5

References

https://www.omicronenergy.com/fileadmin/user_upload/website/files/product-security/osa-5.txt
https://www.omicronenergy.com/en/support/product-security/