How severe is CVE-2023-1617?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-1617?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2023-1617

CRITICAL Year: 2023

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-287

View all →

Vulnerability Description

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.

CVE-2007-4043

CRITICAL

CVSS:9.8(Critical)

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE:...

CWE-2872007

CVE-2007-6759

CRITICAL

CVSS:9.8(Critical)

Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.

CWE-2872007

CVE-2007-6760

CRITICAL

CVSS:9.8(Critical)

Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.

CWE-2872007

CVE-2009-2168

CRITICAL

CVSS:9.8(Critical)

cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypas...

CWE-2872009

CVE-2009-2382

CRITICAL

CVSS:9.8(Critical)

admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.

CWE-2872009

CVE-2009-2422

CRITICAL

CVSS:9.8(Critical)

The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead o...

CWE-2872009

CVE-2023-1617

Vulnerability Description

Related Vulnerabilities

CVE-2007-4043

CVE-2007-6759

CVE-2007-6760

CVE-2009-2168

CVE-2009-2382

CVE-2009-2422