Lucene search
IcscertCVE-2023-6631HistoryJan 08, 2024 - 7:15 p.m.
CVE-2023-6631
2024-01-0819:15:10
CWE-428
icscert
web.nvd.nist.gov
17
cve-2023-6631
unquoted service path vulnerability
powersystem center
privilege escalation
arbitrary code insertion
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.2
Confidence
High
EPSS
0
Percentile
0.4%
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
Affected configurations
Node
subnetpowersystem_centerMatch2020-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| subnet | powersystem_center | 2020 | cpe:2.3:a:subnet:powersystem_center:2020:-:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "PowerSYSTEM Center",
"vendor": "Subnet Solutions Inc.",
"versions": [
{
"lessThanOrEqual": "5.16.x",
"status": "affected",
"version": "2020 v5.0.x",
"versionType": "custom"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2024-01-08 19:15:00
ics
ics
Subnet Solutions Inc. PowerSYSTEM Center
2023-12-19 12:00:00
cvelist
cvelist
nvd
nvd
CVE-2023-6631
2024-01-08 19:15:10
openvas
openvas
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
2018-03-23 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.2
Confidence
High
EPSS
0
Percentile
0.4%
Related for CVE-2023-6631