CVE-2023-38422

high

Description

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-04

Details

Source: Mitre, NVD

Published: 2023-08-23

Updated: 2023-09-05

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High