Lucene search
SchneiderCVELIST:CVE-2023-29410HistoryApr 18, 2023 - 9:13 p.m.
CVE-2023-29410
2023-04-1821:13:55
CWE-20
schneider
www.cve.org
3
cwe-20
input validation
authenticated attacker
server executuion
http
privilege escalation
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
30.5%
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated
attacker to gain the same privilege as the application on the server when a malicious payload is
provided over HTTP for the server to execute.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "InsightHome",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "v1.16 Build 004",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InsightFacility",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "v1.16 Build 004",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Conext Gateway",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "v1.16 Build 004",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2023-29410
2023-04-18 22:15:08
cve
cve
CVE-2023-29410
2023-04-18 22:15:08
cnvd
cnvd
Schneider Electric Conext Gateway Input Validation Error Vulnerability
2023-04-21 00:00:00
prion
prion
Input validation
2023-04-18 22:15:00
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
30.5%
Related for CVELIST:CVE-2023-29410