Lucene search

[email protected]NVD:CVE-2023-25548

HistoryApr 18, 2023 - 9:15 p.m.

CVE-2023-25548

2023-04-1821:15:08

CWE-863

[email protected]

web.nvd.nist.gov

cve-2023-25548

cwe-863

access credentials

dce endpoints

low privileged user

device security

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device
credentials on specific DCE endpoints not being properly secured when a hacker is using a low
privileged user.

Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

Affected configurations

NVD

Node

schneider-electricstruxureware_data_center_expertRange≤7.9.2

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

Related for NVD:CVE-2023-25548

prion1 cvelist1 cve1