Lucene search

[email protected]CVE-2023-27975

HistoryFeb 14, 2024 - 5:15 p.m.

CVE-2023-27975

2024-02-1417:15:08

CWE-522

[email protected]

web.nvd.nist.gov

cve-2023-27975

cwe-522

insufficiently protected credentials

ecostruxure control expert

unauthorized access

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized
access to the project file in EcoStruxure Control Expert when a local user tampers with the
memory of the engineering workstation.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Control Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to v16.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Process Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to v2023"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-27975

cvelist1 prion1 nvd1