Vulnerabilities > Efacec
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-20 | CVE-2023-50703 | Cleartext Transmission of Sensitive Information vulnerability in Efacec UC 500E Firmware 10.1.0. An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. | 5.9 |
2023-12-20 | CVE-2023-50704 | Open Redirect vulnerability in Efacec UC 500E Firmware 10.1.0. An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. | 6.1 |
2023-12-20 | CVE-2023-50705 | Incorrect Authorization vulnerability in Efacec UC 500E Firmware 10.1.0. An attacker could create malicious requests to obtain sensitive information about the web server. | 5.3 |
2023-12-20 | CVE-2023-50706 | Unspecified vulnerability in Efacec UC 500E Firmware 10.1.0. A user without administrator permissions with access to the UC500 Windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. | 4.3 |
2023-12-20 | CVE-2023-50707 | Resource Exhaustion vulnerability in Efacec BCU 500 Firmware 4.07. Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. | 7.5 |
2023-12-20 | CVE-2023-6689 | Cross-Site Request Forgery (CSRF) vulnerability in Efacec BCU 500 Firmware 4.07. A successful CSRF attack could force the user to perform state-changing requests on the application. | 8.8 |