CVE-2023-27975
Severity CVSS v4.0:
Pending analysis
Type:
CWE-522
Insufficiently Protected Credentials
Publication date:
14/02/2024
Last modified:
11/12/2024
Description
<br />
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized<br />
access to the project file in EcoStruxure Control Expert when a local user tampers with the<br />
memory of the engineering workstation.<br />
<br />
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:* | 16.0 (excluding) | |
cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:* | 2023 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security%20and%20Safety%20Notice&p_File_Name=SEVD-2024-044-01.pdf
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security%20and%20Safety%20Notice&p_File_Name=SEVD-2024-044-01.pdf