Vulnerability Details CVE-2023-29410
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated
attacker to gain the same privilege as the application on the server when a malicious payload is
provided over HTTP for the server to execute.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.2%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2023-29410
-
cpe:2.3:h:schneider-electric:conext_gateway:-
-
cpe:2.3:h:schneider-electric:insightfacility:-
-
cpe:2.3:h:schneider-electric:insighthome:-
-
cpe:2.3:o:schneider-electric:conext_gateway_firmware:*
-
cpe:2.3:o:schneider-electric:conext_gateway_firmware:1.16
-
cpe:2.3:o:schneider-electric:insightfacility_firmware:*
-
cpe:2.3:o:schneider-electric:insightfacility_firmware:1.16
-
cpe:2.3:o:schneider-electric:insighthome_firmware:*
-
cpe:2.3:o:schneider-electric:insighthome_firmware:1.16