CVE-2023-3243

CVSS V2 None CVSS V3 None

Description

** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.

Overview

CVE ID
CVE-2023-3243

Assigner
Honeywell

Vulnerability Status
PUBLISHED

Published Version
2023-06-28T20:23:21.810Z

Last Modified Date
2024-06-04T17:17:36.156Z

Weakness Enumerations

CWE	URL
CWE-290	http://cwe.mitre.org/data/definitions/290.html
CWE-326	http://cwe.mitre.org/data/definitions/326.html

References

Reference URL	Reference Tags
https://www.honeywell.com/us/en/product-security

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-3243
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3243

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 21:06:42				Added to TrackCVE