📦

eos

Vendor: econolite

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.13% Exploit Prob.

Latest CVE CVE-2023-0452 Jan 26

Security Vulnerability Index

Page 1 / 1

9.8 CVSS

CVE-2023-0452

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.

EPSS: 0.10%

Severity: CRITICAL

Jan 26, 2023

7.5 CVSS

CVE-2023-0451

Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians.

EPSS: 0.16%

Severity: HIGH

Jan 26, 2023

Displaying 2 of 2 Total Entries

Total 1 Sections