Jun 14, 2023 - 7:40 a.m.

CVE-2023-3001

2023-06-14 07:40:16
CWE-502
schneider
www.cve.org
cwe-502
deserialization
untrusted data
dashboard module
remote code execution
malicious payload

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 36.5%

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that
could cause an interpretation of malicious payload data, potentially leading to remote code
execution when an attacker gets the user to open a malicious file.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IGSS Dashboard (DashBoard.exe)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "v16.0.0.23130 and prior"
      }
    ]
  }
]
