彙總 piigab 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 跨站腳本與CSRF 相關,可能在 生產負載與軟體部署 場景中帶來 工作階段劫持 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-35765 | PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials. | [email protected] | 6.5 | 0.51% | 2023-07-06 | 2026-06-17 |
| CVE-2023-35120 | PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then the device could execute the GET or POST link request. | [email protected] | 8.8 | 0.29% | 2023-07-06 | 2026-06-17 |
| CVE-2023-34995 | There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. | [email protected] | 7.5 | 0.62% | 2023-07-06 | 2026-06-17 |
| CVE-2023-34433 | PiiGAB M-Bus stores passwords using a weak hash algorithm. | [email protected] | 7.5 | 0.41% | 2023-07-06 | 2026-06-17 |
| CVE-2023-32652 | PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. | [email protected] | 8.0 | 0.46% | 2023-07-06 | 2026-06-17 |
| CVE-2023-36859 | PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. | [email protected] | 8.8 | 0.76% | 2023-07-06 | 2026-06-17 |
| CVE-2023-35987 | PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. | [email protected] | 9.8 | 0.75% | 2023-07-06 | 2026-06-17 |
| CVE-2023-33868 | The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication. | [email protected] | 5.9 | 0.66% | 2023-07-06 | 2026-06-17 |
| CVE-2023-31277 | PiiGAB M-Bus transmits credentials in plaintext format. | [email protected] | 7.5 | 0.57% | 2023-07-06 | 2026-06-17 |