Code Integrity Bypass in Schneider Electric Devices
CVE-2023-5630

6.5MEDIUM

Key Information:

Vendor
Schneider Electric
Status
Trio Q-Series Ethernet Data Radio
Trio E-Series Ethernet Data Radio
Trio J-Series Ethernet Data Radio
Vendor
CVE Published:
14 December 2023

Summary

A vulnerability allows a privileged user to bypass the integrity checks of firmware, potentially enabling the installation of untrusted firmware on Schneider Electric devices. This compromise poses risks by allowing the introduction of malicious code, leading to system instability and unauthorized access. It is crucial for users to review their firmware versions and apply necessary patches to mitigate these risks.

Affected Version(s)

Trio E-Series Ethernet Data Radio All versions

Trio J-Series Ethernet Data Radio All Versions

Trio Q-Series Ethernet Data Radio All versions

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.