Lucene search

SchneiderCVE-2023-27976

HistoryApr 18, 2023 - 5:15 p.m.

CVE-2023-27976

2023-04-1817:15:07

CWE-668

schneider

web.nvd.nist.gov

cve-2023-27976

cwe-668

remote code execution

ecostruxure control expert

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

68.5%

JSON

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause
remote code execution when a valid user visits a malicious link provided through the web
endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above)

Affected configurations

Nvd

Node

schneider-electricecostruxure_control_expertRange15.1≥

VendorProductVersionCPE
schneider-electricecostruxure_control_expert*cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	ecostruxure_control_expert	*	cpe:2.3:a:schneider-electric:ecostruxure_control_expert::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure Control Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "V15.1 and above"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

68.5%

JSON

Related for CVE-2023-27976