Lucene search

[email protected]CVE-2023-27976

HistoryApr 18, 2023 - 5:15 p.m.

CVE-2023-27976

2023-04-1817:15:07

CWE-668

[email protected]

web.nvd.nist.gov

cve-2023-27976

cwe-668

remote code execution

ecostruxure control expert

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause
remote code execution when a valid user visits a malicious link provided through the web
endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above)

Affected configurations

NVD

Node

schneider-electricecostruxure_control_expertRange15.1≥

CPENameOperatorVersion
schneider-electric:ecostruxure_control_expertschneider-electric ecostruxure control experteq*

CPE	Name	Operator	Version
schneider-electric:ecostruxure_control_expert	schneider-electric ecostruxure control expert	eq	*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Control Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "V15.1 and above"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for CVE-2023-27976

prion1 cnvd1 cvelist1 nvd1