CVE-2023-50706

MEDIUM 4.1

Improper Access Control in EFACEC UC 500E

CVSS Score

4.1

EPSS Score

0.0%

EPSS Percentile

0th

A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.

CWE	CWE-284
Vendor	efacec
Product	uc 500e
Published	Dec 19, 2023
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for efacec uc 500e

Be the first to know when new medium vulnerabilities affecting efacec uc 500e are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

EFACEC / UC 500E

version 10.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-03

Credits

Aarón Flecha Menéndez of S21sec