CVE-2023-0451 HIGH

CVE-2023-0451

Vendor Econolite
Product EOS
Weakness CWE-284
Published January 26, 2023
Last update January 16, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians.

Key dates

02Disclosure timeline

January 26, 2023 CVE published
January 16, 2025 Record updated