CVE-2023-27975

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

7.1HIGH

EPSS

0.1%

top 80.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Control Expert Schneider-electric Ecostruxure Process Expert Schneider Electric Ecostruxure Control Expert +1 more

Timeline

PublishedFeb 14

Description

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

▶NVDschneider-electric/ecostruxure_control_expert< 16.0

▶CVEListV5schneider_electric/ecostruxure_control_expertVersions prior to v16.0

▶NVDschneider-electric/ecostruxure_process_expert< 2023

▶CVEListV5schneider_electric/ecostruxure_process_expertVersions prior to v2023

🔴Vulnerability Details

CVEList

CVE-2023-27975: CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Exp↗2024-02-14

▶

GHSA

GHSA-mhhw-jg8w-3gj8: CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Exp↗2024-02-14

▶