Lucene search

[email protected]CVE-2023-28004

HistoryApr 18, 2023 - 10:15 p.m.

CVE-2023-28004

2023-04-1822:15:07

CWE-129

[email protected]

web.nvd.nist.gov

cve-2023-28004

cwe-129

vulnerability

ethernet

denial of service

remote code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted
Ethernet request could result in denial of service or remote code execution.

Affected configurations

NVD

Node

schneider-electricpowerlogic_hdpm6000Match-

AND

schneider-electricpowerlogic_hdpm6000_firmwareRange≤0.58.6

CPENameOperatorVersion
schneider-electric:powerlogic_hdpm6000_firmwareschneider-electric powerlogic hdpm6000 firmwarele0.58.6

CPE	Name	Operator	Version
schneider-electric:powerlogic_hdpm6000_firmware	schneider-electric powerlogic hdpm6000 firmware	le	0.58.6

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerLogic HDPM6000",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "prior",
        "status": "affected",
        "version": "V0.58.6",
        "versionType": "custom"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-02.pdf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for CVE-2023-28004

cvelist1 nvd1 prion1