GRI

ICS Advisory: EFACEC BCU 500

News Cybersecurity English Guidance
Date: 19th Dec, 2023 Source: Cybersecurity and Infrastructure Security Agency Country: USA Original Source

Brief

Here is a summary of the provided document:

Vulnerability Summary

A critical vulnerability (CVSS v3 9.6) has been identified in the EFACEC BCU 500, an automation and control IED. The vulnerability allows for uncontrolled resource consumption and cross-site request forgery (CSRF), which can lead to a denial-of-service condition or compromise the web application. The affected product is BCU 500 version 4.07, and a mitigation is available in version 4.08. The vulnerability has been assigned CVE-2023-50707 for uncontrolled resource consumption and CVE-2023-6689 for CSRF. The CVSS vector strings are (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H) and (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H) respectively.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: EFACEC Equipment: BCU 500 Vulnerabilities: Uncontrolled Resource Consumption, Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition on the affected product or compromise the web application through a cross-site request

This content is restricted.

Highlights content goes here...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: EFACEC Equipment: BCU 500 Vulnerabilities: Uncontrolled Resource Consumption, Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition on the affected product or compromise the web application through a cross-site request

This content is restricted.

Cybersecurity and Infrastructure Security Agency

Quick Insight
RADA.AI
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested
Related Documents
Siemens Industrial Edge Devices
Date: 10th Apr, 2025 Source: Cybersecurity and Infrastructure Security Agency Country: USA
News Cybersecurity Guidance
Siemens Insights Hub Private Cloud
Date: 10th Apr, 2025 Source: Cybersecurity and Infrastructure Security Agency Country: USA
News Cybersecurity Guidance
handelsfusion.com: BaFin warns of website and points to suspected identity fraud
Date: 10th Apr, 2025 Source: Federal Financial Supervisory Authority (BaFin) Country: Germany
News Corporate Finance & M&A Guidance

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Click here

Enter your Email

Enter your registered username/email id.

Enter your Email

Enter your email id below to signup.
Individual Plan
  • Designed for Growing Compliance Teams
$125 / month OR $1250 / year
Features
  • • Coverage for 20 jurisdictions
  • • Monitoring from 500+ regulatory authorities
  • • AI compliance summaries
  • • RaDa.ai : Single-Role
Best for: Researchers, Legal professionals, Academics
Subscribe Now
Enterprise Plan
  • Perfect for Global Enterprises
Contact for Pricing
Features
  • • Custom jurisdictional coverage
  • • Custom monitoring of regulatory authorities
  • • RaDa.ai : Customizable multi-role
  • • Custom reporting and dashboard capabilities
  • • API access for seamless integration
Best for: Law Firms, Corporations, Government Bodies
Contact Sales