CVE-2026-13743
LOW
3.3
CVSS 4.0
Description
CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.
Metadata
Severity & Metrics
3.3
LOW CVSS 4.0
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| CubeSpace | CW0057 Reaction Wheel | — | 0 < 5.0.20 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-347 | cna | CWE-347 Improper verification of cryptographic signature |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 3.3 | LOW | 4.0 | cna | CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |