Open Redirect Vulnerability in Schneider Electric’s Products
CVE-2023-5629

8.2HIGH

Key Information:

Vendor: Schneider Electric
Status: Trio Q-Series Ethernet Data Radio; Trio E-Series Ethernet Data Radio; Trio J-Series Ethernet Data Radio
Vendor: CVE Published:; 14 December 2023

Summary

A vulnerability related to open redirect has been identified in certain products by Schneider Electric, potentially allowing attackers to redirect users to untrusted sites. This could facilitate phishing attacks and lead to the unauthorized disclosure of sensitive information. Users are advised to review security notices and implement necessary safeguards to protect against such threats.

Affected Version(s)

Trio E-Series Ethernet Data Radio All versions of models ER45e, EB45e, EH45e

Trio J-Series Ethernet Data Radio All Versions

Trio Q-Series Ethernet Data Radio Versions prior to 2.7.0

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Oct 18, 2023