Vulnerabilities > CVE-2023-6409 - Unspecified vulnerability in Schneider-Electric products

CVSS 7.7 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

schneider-electric

NVD

Published: 2024-02-14

Updated: 2024-12-11

Summary

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Ecostruxure Control Expert - Schneider Electric Ecostruxure Control Expert 14.0 Schneider Electric Ecostruxure Control Expert 14.1 Schneider Electric Ecostruxure Control Expert 15.0 Schneider Electric Ecostruxure Control Expert 15.1 Schneider Electric Ecostruxure Process Expert - Schneider Electric Ecostruxure Process Expert 2020 Schneider Electric Ecostruxure Process Expert 2021	9

Summary

Vulnerable Configurations

References