Improper Input Neutralization in Schneider Electric's Web System
CVE-2023-5985

4.8MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Ion8650; Ion8800
Vendor: CVE Published:; 15 November 2023

Summary

A vulnerability categorized as CWE-79 arises from improper neutralization of user input during the generation of web pages in Schneider Electric's products. This flaw can be exploited by an attacker who holds admin privileges, leading to potential browser compromise for users due to the manipulation of system values. This situation emphasizes the importance of proper input handling and validation mechanisms in web applications to safeguard user sessions and data integrity.

Affected Version(s)

ION8650 All versions

ION8800 All versions

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2023
Vulnerability Reserved
Nov 7, 2023