CVE-2023-5630

🗓️ 14 Dec 2023 04:49:38Reported by schneiderType

Privileged user can install untrusted firmware

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the microprogrammed Ethernet receiver software from the Trio Q, Trio E, and Trio J series lies in the fact that code can be loaded without any checks for its integrity. This allows a hacker to inject additional code into the device’s firmware.	19 Dec 202300:00	–	bdu_fstec
Circl	CVE-2023-5630	10 Jan 202416:41	–	circl
CNNVD	Schneider Electric Trio Q-Series Ethernet Data Radio Security Vulnerability	14 Dec 202300:00	–	cnnvd
CVE	CVE-2023-5630	14 Dec 202304:49	–	cve
EUVD	EUVD-2023-57923	3 Oct 202520:07	–	euvd
NVD	CVE-2023-5630	14 Dec 202305:15	–	nvd
Prion	Design/Logic Flaw	14 Dec 202305:15	–	prion
RedhatCVE	CVE-2023-5630	23 May 202505:07	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "product": "Trio Q-Series Ethernet Data Radio",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Trio E-Series Ethernet Data Radio",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Trio J-Series Ethernet Data Radio",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

14 Dec 2023 04:49Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.5

EPSS0.00097

CWE-494