ByteOS Network

Vulnerability Details :

CVE-2023-5462

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-09 Oct, 2023 | 21:31

Updated At-02 Aug, 2024 | 07:59

XINJE XD5E-30R-E Modbus denial of service

A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:09 Oct, 2023 | 21:31

Updated At:02 Aug, 2024 | 07:59

▼CVE Numbering Authority (CNA)

XINJE XD5E-30R-E Modbus denial of service

Affected Products

Vendor

XINJE

Product

XD5E-30R-E

Modules

Modbus Handler

Versions

Affected

3.5.3b

Problem Types

Type	CWE ID	Description
CWE	CWE-404	CWE-404 Denial of Service

Type: CWE

CWE ID: CWE-404

Description: CWE-404 Denial of Service

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.0	6.5	MEDIUM	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.0	6.1	N/A	AV:A/AC:L/Au:N/C:N/I:N/A:C

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.0

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 2.0

Base score: 6.1

Base severity: N/A

Vector:

AV:A/AC:L/Au:N/C:N/I:N/A:C

Timeline

Event	Date
Advisory disclosed	2023-10-09 00:00:00
VulDB entry created	2023-10-09 02:00:00
VulDB last update	2023-10-09 16:14:29

Event: Advisory disclosed

Date: 2023-10-09 00:00:00

Event: VulDB entry created

Date: 2023-10-09 02:00:00

Event: VulDB last update

Date: 2023-10-09 16:14:29

References

Hyperlink	Resource
https://vuldb.com/?id.241585	vdb-entry
https://vuldb.com/?ctiid.241585	signature permissions-required
https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n	exploit

Hyperlink: https://vuldb.com/?id.241585

Resource:

vdb-entry

Hyperlink: https://vuldb.com/?ctiid.241585

Resource:

signature

permissions-required

Hyperlink: https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n

Resource:

exploit

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

xinje

Product

xd5e-30r-e_firmware

CPEs

cpe:2.3:o:xinje:xd5e-30r-e_firmware:3.5.3b:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

3.5.3b

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://vuldb.com/?id.241585	vdb-entry x_transferred
https://vuldb.com/?ctiid.241585	signature permissions-required x_transferred
https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n	exploit x_transferred

Hyperlink: https://vuldb.com/?id.241585

Resource:

vdb-entry

x_transferred

Hyperlink: https://vuldb.com/?ctiid.241585

Resource:

signature

permissions-required

x_transferred

Hyperlink: https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n

Resource:

exploit

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:09 Oct, 2023 | 22:15

Updated At:05 Jun, 2024 | 21:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary	2.0	6.1	MEDIUM	AV:A/AC:L/Au:N/C:N/I:N/A:C

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 2.0

Base score: 6.1

Base severity: MEDIUM

Vector:

AV:A/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

xinje>>xd5e-30r-e_firmware>>3.5.3b

cpe:2.3:o:xinje:xd5e-30r-e_firmware:3.5.3b:*:*:*:*:*:*:*

xinje>>xd5e-30r-e>>-

cpe:2.3:h:xinje:xd5e-30r-e:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-404	Primary	cna@vuldb.com

CWE ID: CWE-404

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n	cna@vuldb.com	Permissions Required
https://vuldb.com/?ctiid.241585	cna@vuldb.com	Permissions Required Third Party Advisory
https://vuldb.com/?id.241585	cna@vuldb.com	Third Party Advisory

Hyperlink: https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n

Source: cna@vuldb.com

Resource:

Permissions Required

Hyperlink: https://vuldb.com/?ctiid.241585

Source: cna@vuldb.com

Resource:

Permissions Required

Third Party Advisory

Hyperlink: https://vuldb.com/?id.241585

Source: cna@vuldb.com

Resource:

Third Party Advisory

Similar CVEs

153Records found

CVE-2024-51179

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-6.30% / 90.57%

7 Day CHG~0.00%

Published-12 Nov, 2024 | 00:00

Updated-13 Nov, 2024 | 20:35

An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establishment process.

Vendor-n/a open5gs

Product-n/a open5gs

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2024-33844

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.49% / 64.46%

7 Day CHG~0.00%

Published-03 May, 2024 | 00:00

Updated-13 Mar, 2025 | 21:15

The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.

Vendor-parrot n/a parrot

Product-anafi_firmware n/a anafi_firmware

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2022-48489

Matching Score-4

Assigner-Huawei Technologies

View Details

Matching Score-4

Assigner-Huawei Technologies

CVSS Score-7.5||HIGH

EPSS-0.06% / 19.91%

7 Day CHG~0.00%

Published-19 Jun, 2023 | 00:00

Updated-17 Dec, 2024 | 16:15

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

Vendor-Huawei Technologies Co., Ltd.

Product-emui EMUI

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2023-5462

Credits

XINJE XD5E-30R-E Modbus denial of service

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs