Cyber Resilience

CVE-2023-40158

High

Published: 23 August 2023

Modified: 21 November 2024
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0612 (91.0th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-40158 is a high-severity Hidden Functionality (CWE-912) vulnerability in CBC NR4H firmware. Its CVSS base score is 8.8 (High).

Operationally, it is ranked in the top 9.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2023-40158 is a hidden functionality vulnerability affecting certain CBC products from Ganz Security, including the NR4H, NR8H, NR16H, DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, and DR-4M41 series. The flaw permits a remote authenticated attacker to execute arbitrary operating system commands on the device or modify its configuration settings. Several of the listed product lines are end-of-life and receive no vendor updates.

An attacker with valid low-privileged credentials can exploit the issue over the network without user interaction. Successful exploitation yields full control over the affected device, enabling arbitrary command execution and configuration changes that impact confidentiality, integrity, and availability.

Vendor advisories published on ganzsecurity.com and coordinated through JVN recommend applying the security notices referenced in the product release pages. Unsupported models receive no patches, leaving them permanently exposed.

The associated EPSS score has remained flat at 0.0612 with no material increase since disclosure.

Vulnerability details

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
cbc | nr4h firmware | all versions
cbc | nr8h firmware | all versions
cbc | nr16h firmware | all versions
cbc | dr-16f42a firmware | all versions
cbc | dr-16f45at firmware | all versions
cbc | dr-8f42a firmware | all versions
cbc | dr-8f45at firmware | all versions
cbc | dr-4fx1 firmware | all versions
cbc | dr-16h firmware | all versions
cbc | dr-8h firmware | all versions
+13 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Each control below addresses CWE-912.

Documenting every system component at the required granularity and reviewing the inventory detects or prevents hidden functionality from remaining undetected.

Recovery eliminates hidden functionality or backdoors introduced during compromise.

Policy requires supplier transparency and testing to detect hidden functionality or backdoors inserted in the supply chain.

Screening high-risk technical positions lowers the probability that hidden functionality or backdoors will be added by authorized personnel.

Hunting identifies hidden functionality used for persistence or evasion after initial compromise.

TSCM surveys discover and eliminate hidden surveillance functionality that would otherwise remain undetected in the environment.

Change control, approval gates, and flaw tracking force hidden functionality to be either documented or discovered and removed.

Vetting and integrity controls during acquisition reduce the likelihood of hidden backdoors or malicious functionality introduced by suppliers.
