Lucene search

SchneiderCVELIST:CVE-2023-5984

HistoryNov 15, 2023 - 3:30 a.m.

CVE-2023-5984

2023-11-1503:30:09

CWE-494

schneider

www.cve.org

code integrity check

firmware update

full control

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

16.2%

JSON

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow
modified firmware to be uploaded when an authorized admin user begins a firmware update
procedure which could result in full control over the device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ION8650",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ION8800 ",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for CVELIST:CVE-2023-5984