Cyber Resilience

CVE-2023-23774

High

Published: 29 August 2023

Published
29 August 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 10.0th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-23774 is a high-severity Uncaught Exception (CWE-248) vulnerability in Motorola Ebts Site Controller Firmware. Its CVSS base score is 8.4 (High).

Operationally, ranked at the 10.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is…

more

able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

motorola
ebts site controller firmware
all versions
motorola
mbts site controller firmware
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-755 CWE-248

Enforces structured response to exceptional conditions so the system cannot remain in an unsafe state.

addresses: CWE-755 CWE-248

Mandates defined procedures that ensure exceptional conditions are handled in a controlled, secure manner instead of being ignored or mishandled.

addresses: CWE-755

Provides defined handling (alert and additional actions) for the exceptional condition of audit logging failure.

addresses: CWE-755

Supplies a concrete handling action (safe mode) for exceptional conditions, mitigating risks from improper or absent handling that could allow continued attacks.

addresses: CWE-755

By preparing users for contingency scenarios, the control promotes proper handling of exceptional conditions instead of default or unsafe behaviors.

addresses: CWE-755

An updated contingency plan defines current actions for exceptional conditions, reducing the window for attackers to exploit improper handling leading to system failure.

addresses: CWE-755

Procedures ensure proper handling of exceptional conditions to support effective incident response.

addresses: CWE-755

Incident response testing confirms proper handling of exceptional conditions to limit exploit impact.

References