CVE-2023-1548 — Improper Privilege Management in Electric Ecostruxure Control Expert

CWE-269 — Improper Privilege Management6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure Control Expert Schneider-electric Ecostruxure Control Expert

Timeline

PublishedApr 18

Latest updateDec 24

Description

A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above)

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5schneider_electric/ecostruxure_control_expertV15.1 and above

▶NVDschneider-electric/ecostruxure_control_expert

🔴Vulnerability Details

OSV

fs/ntfs3: Fix OOB read in indx_insert_into_buffer↗2025-12-24

▶

GHSA

GHSA-w35h-r9ff-45q4: A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server↗2023-07-06

▶

CVEList

CVE-2023-1548: A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server↗2023-04-18

▶

📋Vendor Advisories

Red Hat

kernel: fs/ntfs3: Fix OOB read in indx_insert_into_buffer↗2025-12-24

▶