Lucene search

SchneiderCVELIST:CVE-2023-5629

HistoryDec 14, 2023 - 4:42 a.m.

CVE-2023-5629

2023-12-1404:42:32

CWE-601

schneider

www.cve.org

cwe-601

untrusted site

open redirect

http

disclosure

phishing

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could
cause disclosure of information through phishing attempts over HTTP.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Trio Q-Series Ethernet Data Radio",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 2.7.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Trio E-Series Ethernet Data Radio",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All versions of models ER45e, EB45e, EH45e"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Trio J-Series Ethernet Data Radio",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-01.pdf

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVELIST:CVE-2023-5629