Lucene search

[email protected]NVD:CVE-2023-27975

HistoryFeb 14, 2024 - 5:15 p.m.

CVE-2023-27975

2024-02-1417:15:08

CWE-522

[email protected]

web.nvd.nist.gov

cve-2023-27975

ecostruxure control expert

unauthorized access

project file

memory tampering

engineering workstation

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized
access to the project file in EcoStruxure Control Expert when a local user tampers with the
memory of the engineering workstation.

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2023-27975

cvelist1 cve1 prion1