Improper Privilege Management Vulnerability in Schneider Electric's Networked Products
CVE-2023-5402

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: C-Bus Toolkit
Vendor: CVE Published:; 4 October 2023

Summary

An improper privilege management vulnerability has been identified in certain networked products produced by Schneider Electric. This vulnerability could potentially allow an attacker to execute arbitrary code remotely when the transfer command is utilized over the network. Proper measures should be taken to safeguard affected products against exploitation.

Affected Version(s)

C-Bus Toolkit v1.16.3 and prior

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Oct 4, 2023