CVE-2023-22316 - Vulnerability Details - OpenCVE

Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Pixela	Pix-rt100 Pix-rt100 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:pixela:pix-rt100_firmware:2.1.1_eq101:::::::*
	cpe:2.3:o:pixela:pix-rt100_firmware:2.1.2_eq101:::::::*

cpe:2.3:h:pixela:pix-rt100:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN57296685/index.html
https://www.pixela.co.jp/products/network/pix_rt100/update.html

History

Fri, 04 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-912
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-01-17T00:00:00.000Z

Updated: 2025-04-04T17:49:36.747Z

Reserved: 2022-12-28T00:00:00.000Z

Link: CVE-2023-22316

Vulnrichment

Updated: 2024-08-02T10:07:05.885Z

NVD

Status : Modified

Published: 2023-01-17T10:15:11.823

Modified: 2025-04-04T18:15:47.120

Link: CVE-2023-22316

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-22316", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "dateUpdated": "2025-04-04T17:49:36.747Z", "dateReserved": "2022-12-28T00:00:00.000Z", "datePublished": "2023-01-17T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-01-17T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services."}], "affected": [{"vendor": "PIXELA CORPORATION", "product": "PIX-RT100", "versions": [{"version": "versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101", "status": "affected"}]}], "references": [{"url": "https://www.pixela.co.jp/products/network/pix_rt100/update.html"}, {"url": "https://jvn.jp/en/jp/JVN57296685/index.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Hidden Functionality"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:05.885Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.pixela.co.jp/products/network/pix_rt100/update.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN57296685/index.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-912", "lang": "en", "description": "CWE-912 Hidden Functionality"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-04T17:47:47.561117Z", "id": "CVE-2023-22316", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T17:49:36.747Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.pixela.co.jp/products/network/pix_rt100/update.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN57296685/index.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:05.885Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-22316", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-04T17:47:47.561117Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-912", "description": "CWE-912 Hidden Functionality"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T17:49:28.093Z"}}], "cna": {"affected": [{"vendor": "PIXELA CORPORATION", "product": "PIX-RT100", "versions": [{"status": "affected", "version": "versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101"}]}], "references": [{"url": "https://www.pixela.co.jp/products/network/pix_rt100/update.html"}, {"url": "https://jvn.jp/en/jp/JVN57296685/index.html"}], "descriptions": [{"lang": "en", "value": "Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Hidden Functionality"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-01-17T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-22316", "state": "PUBLISHED", "dateUpdated": "2025-04-04T17:49:36.747Z", "dateReserved": "2022-12-28T00:00:00.000Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2023-01-17T00:00:00.000Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:pixela:pix-rt100_firmware:2.1.1_eq101:*:*:*:*:*:*:*", "matchCriteriaId": "5E8088E2-6059-4EA8-B815-1B21F819E619", "vulnerable": true}, {"criteria": "cpe:2.3:o:pixela:pix-rt100_firmware:2.1.2_eq101:*:*:*:*:*:*:*", "matchCriteriaId": "3EB146C8-3CA0-4C34-B247-F57A8D5854F2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:pixela:pix-rt100:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0DCE112-054D-46F3-A45E-B6AB73B554AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services."}, {"lang": "es", "value": "Vulnerabilidad de funcionalidad oculta en las versiones RT100_TEQ_2.1.1_EQ101 y RT100_TEQ_2.1.2_EQ101 de PIX-RT100 permite que un atacante adyacente a la red acceda al producto a trav\u00e9s de servicios Telnet o SSH no documentados."}], "id": "CVE-2023-22316", "lastModified": "2025-04-04T18:15:47.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-17T10:15:11.823", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN57296685/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.pixela.co.jp/products/network/pix_rt100/update.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN57296685/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.pixela.co.jp/products/network/pix_rt100/update.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-912"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}