piigab 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting and vendor risk csrf に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-35765 | PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials. | [email protected] | 6.5 | 0.40% | 2023-07-07 | 2024-11-21 |
| CVE-2023-35120 | PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then the device could execute the GET or POST link request. | [email protected] | 8.8 | 0.24% | 2023-07-07 | 2024-11-21 |
| CVE-2023-34995 | There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. | [email protected] | 7.5 | 0.49% | 2023-07-07 | 2024-11-21 |
| CVE-2023-34433 | PiiGAB M-Bus stores passwords using a weak hash algorithm. | [email protected] | 7.5 | 0.33% | 2023-07-07 | 2024-11-21 |
| CVE-2023-32652 | PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. | [email protected] | 8.0 | 0.38% | 2023-07-07 | 2024-11-21 |
| CVE-2023-36859 | PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. | [email protected] | 8.8 | 0.61% | 2023-07-06 | 2024-11-21 |
| CVE-2023-35987 | PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. | [email protected] | 9.8 | 0.60% | 2023-07-06 | 2024-11-21 |
| CVE-2023-33868 | The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication. | [email protected] | 5.9 | 0.53% | 2023-07-06 | 2024-11-21 |
| CVE-2023-31277 | PiiGAB M-Bus transmits credentials in plaintext format. | [email protected] | 7.5 | 0.46% | 2023-07-06 | 2024-11-21 |