Improper Array Index Validation in Schneider Electric Products
CVE-2023-28004

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: PowerLogic HDPM6000
Vendor: CVE Published:; 18 April 2023

Summary

A vulnerability arises from improper validation of an array index within Schneider Electric products. An attacker could exploit this flaw by crafting specific Ethernet requests, leading to potential denial of service or enabling remote code execution. This highlights the importance of robust input validation measures for safeguarding critical infrastructure.

Affected Version(s)

PowerLogic HDPM6000 V0.58.6

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Mar 9, 2023