CVE-2013-0655

CWE-20Improper Input Validation3 documents3 sources
Severity
9.3CRITICAL
EPSS
1.5%
top 19.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Software Update Utility
Timeline
PublishedJan 21
Latest updateMay 17

Description

The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8q56-7r9c-2j9q: The client in Schneider Electric Software Update (SESU) Utility 12022-05-17
CVEList
CVE-2013-0655: The client in Schneider Electric Software Update (SESU) Utility 12013-01-21
CVE-2013-0655 (CRITICAL CVSS 9.3) | The client in Schneider Electric So | cvebase.io