How severe is CVE-2023-3243?

CVE-2023-3243 is considered a critical vulnerability with a severity rating of 9.8 out of 10.

Which product is affected by CVE-2023-3243?

The impacted product is Honeywell Alerton BCM-WEB Firmware version 3.3.

What is the vulnerability in the impacted product?

The vulnerability is the usage of a poorly salted MD5 hash for authenticating, which could lead to a successful brute force password attack.

How can I fix the CVE-2023-3243 vulnerability?

To fix the CVE-2023-3243 vulnerability, it is recommended to update to a patched version of Honeywell Alerton BCM-WEB Firmware.

Vulnerability/
CVE-2023-3243

critical

9.8

CWE

290 326

28/6/2023

2/8/2024

CVE-2023-3243: Weak Encryption

First published: Wed Jun 28 2023(Updated: )

** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.

Credit: psirt@honeywell.com psirt@honeywell.com

Affected Software	Affected Version	How to fix
Honeywell Alerton Bcm-web Firmware
Honeywell Alerton Bcm-web
All of
Honeywell Alerton Bcm-web Firmware
Honeywell Alerton Bcm-web

Never miss a vulnerability like this again

Reference Links

https://www.honeywell.com/us/en/product-security

Frequently Asked Questions

What is CVE-2023-3243?
CVE-2023-3243 is a vulnerability that allows an attacker to capture an authenticating hash and utilize it to create new sessions, potentially leading to unauthorized access.
How severe is CVE-2023-3243?
CVE-2023-3243 is considered a critical vulnerability with a severity rating of 9.8 out of 10.
Which product is affected by CVE-2023-3243?
The impacted product is Honeywell Alerton BCM-WEB Firmware version 3.3.
What is the vulnerability in the impacted product?
The vulnerability is the usage of a poorly salted MD5 hash for authenticating, which could lead to a successful brute force password attack.
How can I fix the CVE-2023-3243 vulnerability?
To fix the CVE-2023-3243 vulnerability, it is recommended to update to a patched version of Honeywell Alerton BCM-WEB Firmware.

collector/nvd-index
agent/type
agent/references
agent/author
agent/weakness
agent/status
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/tags
agent/event
agent/first-publish-date
agent/description
agent/last-modified-date
collector/nvd-api
source/NVD
status/unsupported
vendor/honeywell
canonical/honeywell alerton bcm-web firmware
canonical/honeywell alerton bcm-web

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.