CVE-2023-6409

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

7.7HIGH

EPSS

0.1%

top 82.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ecostruxure Control Expert Schneider-electric Ecostruxure Process Expert Schneider Electric Ecostruxure Control Expert +1 more

Timeline

PublishedFeb 14

Description

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.5 | Impact: 5.2

Affected Packages4 packages

▶NVDschneider-electric/ecostruxure_control_expert< 16.0

▶CVEListV5schneider_electric/ecostruxure_control_expertVersions prior to v16.0

▶NVDschneider-electric/ecostruxure_process_expert< 2023

▶CVEListV5schneider_electric/ecostruxure_process_expertVersions prior to v2023

🔴Vulnerability Details

GHSA

GHSA-57mc-gf87-2j5v: CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password↗2024-02-14

▶

CVEList

CVE-2023-6409: CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password↗2024-02-14

▶