MidnightBSD

Advisories for atlascopco

CVE-2023-1897

Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 3.9 5.5

Products Affected

Vendor Product Version
atlascopco power_focus_6000_firmware -
CVE-2023-1898

Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user’s session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 3.9 5.5

Products Affected

Vendor Product Version
atlascopco power_focus_6000_firmware -
CVE-2023-1899

Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 3.9 5.5

Products Affected

Vendor Product Version
atlascopco power_focus_6000_firmware *