Vulnerability in Ingeteam's INGEPAC EF
CVE-2023-3769

8.6HIGH

Key Information:

Vendor: Ingeteam
Status: Ingepac Fc5066
Vendor: CVE Published:; 2 October 2023

What is CVE-2023-3769?

An incorrect data input validation vulnerability exists within Ingeteam products that could potentially be exploited by an attacker with network access. By employing fuzzing techniques on specially crafted packets, the attacker may trigger a denial of service (DoS) condition through the MMS protocol, potentially causing a total system reboot of the affected device along with its essential services.

Affected Version(s)

INGEPAC FC5066 9.0.22.6+6.1.1.22+5.3.1.1

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/mu...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2023
Vulnerability Reserved
Jul 19, 2023

Credit

Aarón Flecha Menéndez and Gabriel Vía Echezarreta.

CVE-2023-3769 Data

JSON