Vulnerabilities > CVE-2023-27975 - Unspecified vulnerability in Schneider-Electric products

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

schneider-electric

NVD

Published: 2024-02-14

Updated: 2024-12-11

Summary

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Ecostruxure Control Expert - Schneider Electric Ecostruxure Control Expert 14.0 Schneider Electric Ecostruxure Control Expert 14.1 Schneider Electric Ecostruxure Control Expert 15.0 Schneider Electric Ecostruxure Control Expert 15.1 Schneider Electric Ecostruxure Process Expert - Schneider Electric Ecostruxure Process Expert 2020 Schneider Electric Ecostruxure Process Expert 2021	9

Summary

Vulnerable Configurations

References