Lucene search

SchneiderCVELIST:CVE-2023-6032

HistoryNov 15, 2023 - 3:54 a.m.

CVE-2023-6032

2023-11-1503:54:35

CWE-22

schneider

www.cve.org

cwe-22

improper limitation of pathname

network management card

https

file system enumeration

file download

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

17.6%

JSON

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
vulnerability exists that could cause a file system enumeration and file download when an
attacker navigates to the Network Management Card via HTTPS.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Galaxy VS",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "v6.82"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Galaxy VL",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "v12.21"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-03.pdf

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

17.6%

JSON

Related for CVELIST:CVE-2023-6032