CVE-2023-5402 — Improper Privilege Management in C-bus Toolkit

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 48.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric C-bus Toolkit Schneider Electric C-bus Toolkit

Timeline

PublishedOct 4

Description

A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDschneider-electric/c-bus_toolkit1.16.3

▶CVEListV5schneider_electric/c-bus_toolkitv1.16.3 and prior

🔴Vulnerability Details

GHSA

GHSA-hxm5-w6ww-6qfp: A?CWE-269: Improper Privilege Management vulnerability exists?that could cause?a local privilege escalation?when the transfer command is used↗2023-10-04

▶

CVEList

CVE-2023-5402: A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the netw↗2023-10-04

▶