CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-27976

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.5%

CVSS Severity

CVSS v3 Score 8.8

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf

Products affected by CVE-2023-27976

Schneider-Electric » Ecostruxure Control Expert » Version: 15.1

cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.1
Schneider-Electric » Ecostruxure Control Expert » Version: 15.2

cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.2
Schneider-Electric » Ecostruxure Control Expert » Version: 15.3

cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.3
Schneider-Electric » Ecostruxure Control Expert » Version: 16.0

cpe:2.3:a:schneider-electric:ecostruxure_control_expert:16.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27976

Products

Pricing

Contact Us