How severe is CVE-2023-45321?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-45321?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2023-45321 - HIGH Severity | CVSS 8.8

Vulnerability Description

The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol.

Related Vulnerabilities

CVE-2018-11050

HIGH

CVSS:8.8(High)

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing P...

CWE-3192018

CVE-2018-5402

HIGH

CVSS:8.8(High)

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once ...

CWE-3192018

CVE-2018-8842

HIGH

CVSS:8.8(High)

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorize...

CWE-3192018

CVE-2019-12504

HIGH

CVSS:8.8(High)

Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a vi...

CWE-3192019

CVE-2019-16924

HIGH

CVSS:8.8(High)

The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock.

CWE-3192019

CVE-2019-9101

HIGH

CVSS:8.8(High)

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sen...

CWE-3192019