ICSA-23-136-01 · Published 2024-11-12 · View on CISA ICS-CERT ↗

Snap One OvrC Cloud (Update A)

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to impersonate and claim devices, execute arbitrary code, and disclose information about the affected device.

CVEs (10)

CVE-2023-28649 CVE-2023-28412 CVE-2023-31241 CVE-2023-31193 CVE-2023-28386 CVE-2023-31245 CVE-2023-31240 CVE-2023-25183 CVE-2024-50380 CVE-2024-50381

Remediations

Snap One has released the following updates/fixes for the affected products:
OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.
OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.
Disable UPnP.
For more information, see Snap One's Release Notes.

Affected Vendors

Snap One

Affected Products (1)

Snap One · OvrC Pro <7.3

Affected Sectors

Communications

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more