CVE-2023-28813: 
Hikvision LocalServiceComponents vulnerability analysis and mitigation

A vulnerability was discovered in Hikvision Web Browser Plug-in LocalServiceComponents that allows attackers to modify plug-in parameters through crafted messages, potentially causing affected computers to download malicious files. The vulnerability (CVE-2023-28813) was disclosed on November 23, 2023, affecting LocalServiceComponents version 1.0.0.78 and earlier versions (Hikvision Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 HIGH with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), and requires user interaction (UI:R). The scope is unchanged (S:U), with high impact on confidentiality (C:H), no impact on integrity (I:N), and high impact on availability (A:H) (Hikvision Advisory).

When successfully exploited, this vulnerability could allow attackers to cause affected computers to download malicious files through manipulation of plug-in parameters. The high CVSS score indicates significant potential impact on system security, particularly affecting confidentiality and availability of the system (Hikvision Advisory).

Hikvision has released version 1.0.0.81 to address this vulnerability. Users are advised to update their LocalServiceComponents to this latest version. The patch can be downloaded from the Hikvision official website (Hikvision Advisory).