Improper Privilege Management in EcoStruxure Control Expert by Schneider Electric
CVE-2023-1548

5.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Control Expert
Vendor: CVE Published:; 18 April 2023

Summary

A vulnerability exists where a local user can exploit improper privilege management within EcoStruxure Control Expert, leading to potential denial of service. This flaw affects versions V15.1 and above, posing risks to system reliability and operational integrity. The vulnerability allows unauthorized access to console server services, emphasizing the need for immediate attention and remediation.

Affected Version(s)

EcoStruxure Control Expert V15.1 and above

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Mar 21, 2023