HIGH🇵🇱 Wersja polska

CVE-2023-27975

CVSS 7.1v3.1pub. 2024-02-14upd. 2024-12-11

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Schneider Electric Ecostruxure Control Expert

    APP
    Schneider-Electric
    < 16.0
  • Schneider Electric Ecostruxure Process Expert

    APP
    Schneider-Electric
    < 2023
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-37300CRITICAL9.8ten sam produkt

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unaut...

CVE-2022-26507CRITICAL9.8ten sam produkt

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted inp...

CVE-2021-22779CRITICAL9.1ten sam produkt

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V1...

CVE-2020-28212CRITICAL9.8ten sam produkt

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on ...

CVE-2020-7475CRITICAL9.8ten sam produkt

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), ...