CVE-2023-3770

Vulnerability in Ingeteam's INGEPAC DA

Description

Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.

Remediation

Solution:

The information published in this port is public and non-confidential. Its purpose is to make devices discoverable through software tools such as Ingeteam PAC Factory. If there is a cybersecurity concern about the data displayed, the port can be disabled on each device through its internal firewall service.

References

Link	Tags
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products	third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-3770?: CVE-2023-3770 has been scored as a medium severity vulnerability.
How to fix CVE-2023-3770?: To fix CVE-2023-3770: The information published in this port is public and non-confidential. Its purpose is to make devices discoverable through software tools such as Ingeteam PAC Factory. If there is a cybersecurity concern about the data displayed, the port can be disabled on each device through its internal firewall service.
Is CVE-2023-3770 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-3770 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-3770?: CVE-2023-3770 affects Ingeteam INGEPAC DA3451.

Description

Remediation

Categories

CWE-20 – Improper Input Validation

CWE-862 – Missing Authorization

References

Frequently Asked Questions