Vulnerabilities > CVE-2023-29410 - Unspecified vulnerability in Schneider-Electric products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

NVD

Published: 2023-04-18

Updated: 2024-11-21

Summary

A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Insighthome Firmware * Schneider Electric Insighthome Firmware 1.16 Schneider Electric Insightfacility Firmware * Schneider Electric Insightfacility Firmware 1.16 Schneider Electric Conext Gateway Firmware * Schneider Electric Conext Gateway Firmware 1.16	9
Hardware	Schneider-Electric Schneider Electric Insighthome - Schneider Electric Insightfacility - Schneider Electric Conext Gateway -	3

Summary

Vulnerable Configurations

References