CVE-2023-25914 - Vulnerability Details - OpenCVE

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Danfoss	Ak-sm 800a Ak-sm 800a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:danfoss:ak-sm_800a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:danfoss:ak-sm_800a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://csirt.divd.nl/CVE-2023-25914
https://csirt.divd.nl/DIVD-2023-00025

History

Wed, 16 Oct 2024 12:00:00 +0000

Type	Values Removed	Values Added
Description	Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.	Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise.
Title	Path Traversal in Danfoss AK-SM800A	Authneticated Path Traversal in Danfoss AK-SM800A
Metrics	cvssV3_1 `{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 07 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: DIVD

Published: 2023-08-21T20:30:03.122Z

Updated: 2025-01-09T07:56:41.313Z

Reserved: 2023-02-16T14:22:41.966Z

Link: CVE-2023-25914

Vulnrichment

Updated: 2024-08-02T11:32:12.736Z

NVD

Status : Analyzed

Published: 2023-08-21T21:15:08.970

Modified: 2025-01-17T17:54:40.107

Link: CVE-2023-25914

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25914", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "state": "PUBLISHED", "assignerShortName": "DIVD", "dateReserved": "2023-02-16T14:22:41.966Z", "datePublished": "2023-08-21T20:30:03.122Z", "dateUpdated": "2025-01-09T07:56:41.313Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2025-01-09T07:56:41.313Z"}, "title": "Authneticated Path Traversal in Danfoss AK-SM800A", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "affected": [{"vendor": "Danfoss", "product": "AK-SM800A", "versions": [{"status": "affected", "version": "< 3.3"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise."}]}], "references": [{"url": "https://csirt.divd.nl/CVE-2023-25914", "tags": ["third-party-advisory"]}, {"url": "https://csirt.divd.nl/DIVD-2023-00025", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "workarounds": [{"lang": "en", "value": "Upgrade to the latest patch, which is version 3.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Upgrade to the latest patch, which is version 3.3."}]}], "credits": [{"lang": "en", "value": "Synacktiv", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}, {"lang": "en", "value": "Max van der Horst (DIVD)", "user": "00000000-0000-4000-9000-000000000000", "type": "analyst"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:32:12.736Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://csirt.divd.nl/CVE-2023-25914"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://csirt.divd.nl/DIVD-2023-00025"}]}, {"affected": [{"vendor": "danfoss", "product": "ak-sm_800a", "cpes": ["cpe:2.3:h:danfoss:ak-sm_800a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-04T16:44:35.255267Z", "id": "CVE-2023-25914", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T16:48:02.089Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://csirt.divd.nl/CVE-2023-25914", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://csirt.divd.nl/DIVD-2023-00025", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:32:12.736Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25914", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-04T16:44:35.255267Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:danfoss:ak-sm_800a:-:*:*:*:*:*:*:*"], "vendor": "danfoss", "product": "ak-sm_800a", "versions": [{"status": "affected", "version": "0", "lessThan": "3.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T16:47:50.492Z"}}], "cna": {"title": "Authneticated Path Traversal in Danfoss AK-SM800A", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Synacktiv"}, {"lang": "en", "type": "analyst", "user": "00000000-0000-4000-9000-000000000000", "value": "Max van der Horst (DIVD)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Danfoss", "product": "AK-SM800A", "versions": [{"status": "affected", "version": "< 3.3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://csirt.divd.nl/CVE-2023-25914", "tags": ["third-party-advisory"]}, {"url": "https://csirt.divd.nl/DIVD-2023-00025", "tags": ["third-party-advisory"]}], "workarounds": [{"lang": "en", "value": "Upgrade to the latest patch, which is version 3.3.", "supportingMedia": [{"type": "text/html", "value": "Upgrade to the latest patch, which is version 3.3.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise.", "supportingMedia": [{"type": "text/html", "value": "Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "shortName": "DIVD", "dateUpdated": "2025-01-09T07:56:41.313Z"}}}, "cveMetadata": {"cveId": "CVE-2023-25914", "state": "PUBLISHED", "dateUpdated": "2025-01-09T07:56:41.313Z", "dateReserved": "2023-02-16T14:22:41.966Z", "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217", "datePublished": "2023-08-21T20:30:03.122Z", "assignerShortName": "DIVD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:danfoss:ak-sm_800a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FE57274-BA94-492A-9D3A-A74F047E9EF4", "versionEndIncluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:danfoss:ak-sm_800a:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4EC90A1-18C1-4509-96DF-A528E2AF5989", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise."}, {"lang": "es", "value": "Debido a una restricci\u00f3n inadecuada, los atacantes pod\u00edan recuperar y leer archivos de sistema del servidor subyacente a trav\u00e9s de la interfaz XML."}], "id": "CVE-2023-25914", "lastModified": "2025-01-17T17:54:40.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "csirt@divd.nl", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-21T21:15:08.970", "references": [{"source": "csirt@divd.nl", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/CVE-2023-25914"}, {"source": "csirt@divd.nl", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/DIVD-2023-00025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/CVE-2023-25914"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://csirt.divd.nl/DIVD-2023-00025"}], "sourceIdentifier": "csirt@divd.nl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "csirt@divd.nl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}