Lucene search
HistoryNov 15, 2023 - 4:15 a.m.
CVE-2023-5984
cwe-494
download of code without integrity check
firmware update
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
16.0%
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow
modified firmware to be uploaded when an authorized admin user begins a firmware update
procedure which could result in full control over the device.
Affected configurations
Node
schneider-electricion8650Match-
schneider-electricion8650_firmware
Node
schneider-electricion8800Match-
schneider-electricion8800_firmware
| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneider-electric | ion8650 | - | cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:* |
| schneider-electric | ion8650_firmware | * | cpe:2.3:o:schneider-electric:ion8650_firmware:*:*:*:*:*:*:*:* |
| schneider-electric | ion8800 | - | cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:* |
| schneider-electric | ion8800_firmware | * | cpe:2.3:o:schneider-electric:ion8800_firmware:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-5984
2023-11-15 03:30:09
cve
cve
CVE-2023-5984
2023-11-15 04:15:19
prion
prion
Design/Logic Flaw
2023-11-15 04:15:00
nessus
nessus
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
16.0%
Related for NVD:CVE-2023-5984