CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-5984

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.3%

CVSS Severity

CVSS v3 Score 7.2

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf

Products affected by CVE-2023-5984

Schneider-Electric » Ion8650 » Version: N/A

cpe:2.3:h:schneider-electric:ion8650:-
Schneider-Electric » Ion8800 » Version: N/A

cpe:2.3:h:schneider-electric:ion8800:-
Schneider-Electric » Ion8650 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:ion8650_firmware:-
Schneider-Electric » Ion8800 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:ion8800_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-5984

Products

Pricing

Contact Us