Remote Code Execution Vulnerability in EcoStruxure Control Expert by Schneider Electric
CVE-2023-27976

8.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Control Expert
Vendor: CVE Published:; 18 April 2023

Summary

A vulnerability exists in EcoStruxure Control Expert that could permit remote code execution when a legitimate user interacts with a malicious link disseminated through the web endpoints. This exposes the system to potential unauthorized actions and compromises the integrity of the application. Users of EcoStruxure Control Expert V15.1 and above need to take necessary precautions to safeguard against this threat.

Affected Version(s)

EcoStruxure Control Expert V15.1 and above

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Mar 9, 2023