CVE-2023-5885

Franklin Electric Fueling Systems Colibri Path Traversal

Description

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.

Remediation

Solution:

  • Franklin Electric Fueling Systems determined that the vulnerability only affects the Colibri product which has not been sold since 2020 and does not affect the current EVO product lines. They created a firmware update for Colibri to address the issue. Users can download the update at from the Franklin Electric website. Franklin Electric is working with distributors to make sure all known users are aware that the update is available for installation. For further information, please contact Franklin Electric Fueling Systems.

Categories

6.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.14%
Third-Party Advisory cisa.gov
Affected: Franklin Electric Fueling Systems Colibri
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/ICSA-23-331-02 third party advisory us government resource
https://www.franklinfueling.com/en/landing-pages/firmware/colibri-firmware/ product
https://www.franklinfueling.com/en/contact-us/ product

Frequently Asked Questions

What is the severity of CVE-2023-5885?
CVE-2023-5885 has been scored as a medium severity vulnerability.
How to fix CVE-2023-5885?
To fix CVE-2023-5885: Franklin Electric Fueling Systems determined that the vulnerability only affects the Colibri product which has not been sold since 2020 and does not affect the current EVO product lines. They created a firmware update for Colibri to address the issue. Users can download the update at from the Franklin Electric website. Franklin Electric is working with distributors to make sure all known users are aware that the update is available for installation. For further information, please contact Franklin Electric Fueling Systems.
Is CVE-2023-5885 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-5885 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-5885?
CVE-2023-5885 affects Franklin Electric Fueling Systems Colibri.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.