CVE-2023-45228 Information

Description

The application suffers from improper access control when editing users. A user with read permissions can manipulate users passwords and permissions by sending a single HTTP POST request with modified parameters.

Reference

https://www.sielco.org/en/contacts https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08