CVE-2023-1049
published 2023-06-14CVE-2023-1049: A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
could cause execution of malicious code when an unsuspicious user loads a project file from the
local filesystem into the HMI.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pimcore | demo | >= 0 < 10.3.0 | 10.3.0 |
| schneider-electric | ecostruxure_operator_terminal_expert | < 3.3 | 3.3 |
| schneider-electric | ecostruxure_operator_terminal_expert | — | — |
| schneider-electric | pro-face_blue | < 3.3 | 3.3 |
| schneider-electric | pro-face_blue | — | — |
| schneider_electric | ecostruxure_operator_terminal_expert | — | — |
| schneider_electric | pro-face_blue | — | — |