Vulnerabilities > CVE-2023-6032 - Unspecified vulnerability in Schneider-Electric Galaxy VL Firmware and Galaxy VS Firmware

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

schneider-electric

NVD

Published: 2023-11-15

Updated: 2024-11-21

Summary

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.

Vulnerable Configurations

Part	Description	Count
OS	Schneider-Electric Schneider Electric Galaxy VL Firmware 12.21 Schneider Electric Galaxy VS Firmware 6.82	2
Hardware	Schneider-Electric Schneider Electric Galaxy VL - Schneider Electric Galaxy VS -	2

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-03.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-03.pdf