Schneider Electric Trio Q-Series Ethernet Data Radio code download
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.1 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Schneider Electric Trio Q-Series Ethernet Data Radio, Trio E-Series Ethernet Data Radio and Trio J-Series Ethernet Data Radio and classified as problematic. This issue affects some unknown processing. This manipulation causes code download. The identification of this vulnerability is CVE-2023-5630. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
Details
A vulnerability has been found in Schneider Electric Trio Q-Series Ethernet Data Radio, Trio E-Series Ethernet Data Radio and Trio J-Series Ethernet Data Radio (SCADA Software) (the affected version unknown) and classified as critical. Affected by this vulnerability is an unknown part. The manipulation with an unknown input leads to a code download vulnerability. The CWE definition for the vulnerability is CWE-494. The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.
The weakness was shared 12/14/2023 as SEVD-2023-346-01. It is possible to read the advisory at download.schneider-electric.com. This vulnerability is known as CVE-2023-5630 since 10/18/2023. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1495 according to MITRE ATT&CK.
Applying a patch is able to eliminate this problem.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.2VulDB Meta Temp Score: 6.1
VulDB Base Score: 7.2
VulDB Temp Score: 6.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 4.9
NVD Vector: 🔍
CNA Base Score: 6.5
CNA Vector (Schneider Electric SE): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Code downloadCWE: CWE-494
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Timeline
10/18/2023 🔍12/14/2023 🔍
12/14/2023 🔍
01/10/2024 🔍
Sources
Vendor: schneider-electric.comAdvisory: SEVD-2023-346-01
Status: Confirmed
CVE: CVE-2023-5630 (🔍)
GCVE (CVE): GCVE-0-2023-5630
GCVE (VulDB): GCVE-100-247999
Entry
Created: 12/14/2023 07:57Updated: 01/10/2024 16:26
Changes: 12/14/2023 07:57 (49), 01/10/2024 16:26 (11)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.