cvelistv5 - cve-2023-37199

CVE-2023-37199 (GCVE-0-2023-37199)

Vulnerability from cvelistv5 – Published: 2023-07-12 07:04 – Updated: 2024-11-07 14:44

Summary

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

schneider

References

URL

Tags

https://download.schneider-electric.com/files?p_D…

Impacted products

	Vendor	Product	Version
	Schneider Electric	StruxureWare Data Center Expert	Affected: v7.9.3 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:33.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "struxureware_data_center_expert",
            "vendor": "schneider-electric",
            "versions": [
              {
                "lessThanOrEqual": "7.9.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T14:42:11.667073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T14:44:46.940Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "StruxureWare Data Center Expert ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "v7.9.3 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\n"
            }
          ],
          "value": "\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-12T07:04:08.510Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-37199",
    "datePublished": "2023-07-12T07:04:08.510Z",
    "dateReserved": "2023-06-28T14:14:13.863Z",
    "dateUpdated": "2024-11-07T14:44:46.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.9.3\", \"matchCriteriaId\": \"DA0F4FA6-8C57-494B-B6AB-5CF125AFBAEE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\\ncould cause remote code execution when an admin user on DCE tampers with backups which\\nare then manually restored. \\n\\n\\n\"}]",
      "id": "CVE-2023-37199",
      "lastModified": "2024-11-21T08:11:10.723",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cybersecurity@se.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
      "published": "2023-07-12T08:15:10.133",
      "references": "[{\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-37199\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2023-07-12T08:15:10.133\",\"lastModified\":\"2024-11-21T08:11:10.723\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\\ncould cause remote code execution when an admin user on DCE tampers with backups which\\nare then manually restored. \\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.9.3\",\"matchCriteriaId\":\"DA0F4FA6-8C57-494B-B6AB-5CF125AFBAEE\"}]}]}],\"references\":[{\"url\":\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:09:33.130Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-37199\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-07T14:42:11.667073Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*\"], \"vendor\": \"schneider-electric\", \"product\": \"struxureware_data_center_expert\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.9.3\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-07T14:44:41.547Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Schneider Electric\", \"product\": \"StruxureWare Data Center Expert \", \"versions\": [{\"status\": \"affected\", \"version\": \"v7.9.3 and earlier\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\\ncould cause remote code execution when an admin user on DCE tampers with backups which\\nare then manually restored. \\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\\ncould cause remote code execution when an admin user on DCE tampers with backups which\\nare then manually restored. \\n\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"076d1eb6-cfab-4401-b34d-6dfc2a413bdb\", \"shortName\": \"schneider\", \"dateUpdated\": \"2023-07-12T07:04:08.510Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-37199\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-07T14:44:46.940Z\", \"dateReserved\": \"2023-06-28T14:14:13.863Z\", \"assignerOrgId\": \"076d1eb6-cfab-4401-b34d-6dfc2a413bdb\", \"datePublished\": \"2023-07-12T07:04:08.510Z\", \"assignerShortName\": \"schneider\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-37199

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-37199

Aliases

CVE-2023-37199

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-37199",
    "id": "GSD-2023-37199"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-37199"
      ],
      "details": "\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\n",
      "id": "GSD-2023-37199",
      "modified": "2023-12-13T01:20:24.411427Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2023-37199",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "StruxureWare Data Center Expert ",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "v7.9.3 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schneider Electric"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-94",
                "lang": "eng",
                "value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf",
            "refsource": "MISC",
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.9.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2023-37199"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-07-20T00:40Z",
      "publishedDate": "2023-07-12T08:15Z"
    }
  }
}

CERTFR-2023-AVI-0525

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

StruxureWare Data Center Expert versions antérieures à 8.0
EcoStruxure OPC UA Server Expert versions antérieures à SV2.01 SP2
Accutech Manager versions antérieures à 2.8

Pour les produits vulnérables listés ci-dessous, en l'attente d'un correctif, l'éditeur recommande d'appliquer un certain nombre de mesures d'atténuation :

HMISCU Controller
Modicon Controller LMC078
Modicon Controller M241
Modicon Controller M251
Modicon Controller M262
Modicon Controller M258
Modicon Controller LMC058
Modicon Controller M218
PacDrive 3 Controllers LMC
Eco/Pro/Pro2
SoftSPS embedded in
EcoStruxure Machine Expert

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2023-192-02 du 11 juillet 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-192-03 du 11 juillet 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-192-04 du 11 juillet 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-192-01 du 11 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eStruxureWare Data Center Expert versions ant\u00e9rieures \u00e0 8.0\u003c/li\u003e \u003cli\u003eEcoStruxure OPC UA Server Expert versions ant\u00e9rieures \u00e0 SV2.01 SP2\u003c/li\u003e \u003cli\u003eAccutech Manager versions ant\u00e9rieures \u00e0 2.8\u003c/li\u003e \u003c/ul\u003e \u003cp\u003ePour les produits vuln\u00e9rables list\u00e9s ci-dessous, en l\u0027attente d\u0027un correctif, l\u0027\u00e9diteur recommande d\u0027appliquer un certain nombre de mesures d\u0027att\u00e9nuation :\u003c/p\u003e \u003cul\u003e \u003cli\u003eHMISCU Controller\u003c/li\u003e \u003cli\u003eModicon Controller LMC078\u003c/li\u003e \u003cli\u003eModicon Controller M241\u003c/li\u003e \u003cli\u003eModicon Controller M251\u003c/li\u003e \u003cli\u003eModicon Controller M262\u003c/li\u003e \u003cli\u003eModicon Controller M258\u003c/li\u003e \u003cli\u003eModicon Controller LMC058\u003c/li\u003e \u003cli\u003eModicon Controller M218\u003c/li\u003e \u003cli\u003ePacDrive 3 Controllers LMC\u003c/li\u003e \u003cli\u003eEco/Pro/Pro2\u003c/li\u003e \u003cli\u003eSoftSPS embedded in\u003c/li\u003e \u003cli\u003eEcoStruxure Machine Expert\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-29414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29414"
    },
    {
      "name": "CVE-2022-47384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47384"
    },
    {
      "name": "CVE-2022-47388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47388"
    },
    {
      "name": "CVE-2022-47379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47379"
    },
    {
      "name": "CVE-2022-47382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47382"
    },
    {
      "name": "CVE-2023-37199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37199"
    },
    {
      "name": "CVE-2022-47378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47378"
    },
    {
      "name": "CVE-2022-47386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47386"
    },
    {
      "name": "CVE-2022-47389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47389"
    },
    {
      "name": "CVE-2022-47380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47380"
    },
    {
      "name": "CVE-2022-47387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47387"
    },
    {
      "name": "CVE-2022-47391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47391"
    },
    {
      "name": "CVE-2022-47383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47383"
    },
    {
      "name": "CVE-2022-47381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47381"
    },
    {
      "name": "CVE-2022-47393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47393"
    },
    {
      "name": "CVE-2022-47390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47390"
    },
    {
      "name": "CVE-2023-37197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37197"
    },
    {
      "name": "CVE-2022-47392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47392"
    },
    {
      "name": "CVE-2022-47385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47385"
    },
    {
      "name": "CVE-2023-37196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37196"
    },
    {
      "name": "CVE-2023-37200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37200"
    },
    {
      "name": "CVE-2023-37198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37198"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0525",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-02 du 11 juillet 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-02.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-03 du 11 juillet 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-03.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-04 du 11 juillet 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-04.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-01 du 11 juillet 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    }
  ]
}

CERTFR-2023-AVI-0525

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

StruxureWare Data Center Expert versions antérieures à 8.0
EcoStruxure OPC UA Server Expert versions antérieures à SV2.01 SP2
Accutech Manager versions antérieures à 2.8

Pour les produits vulnérables listés ci-dessous, en l'attente d'un correctif, l'éditeur recommande d'appliquer un certain nombre de mesures d'atténuation :

HMISCU Controller
Modicon Controller LMC078
Modicon Controller M241
Modicon Controller M251
Modicon Controller M262
Modicon Controller M258
Modicon Controller LMC058
Modicon Controller M218
PacDrive 3 Controllers LMC
Eco/Pro/Pro2
SoftSPS embedded in
EcoStruxure Machine Expert

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2023-192-02 du 11 juillet 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-192-03 du 11 juillet 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-192-04 du 11 juillet 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-192-01 du 11 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eStruxureWare Data Center Expert versions ant\u00e9rieures \u00e0 8.0\u003c/li\u003e \u003cli\u003eEcoStruxure OPC UA Server Expert versions ant\u00e9rieures \u00e0 SV2.01 SP2\u003c/li\u003e \u003cli\u003eAccutech Manager versions ant\u00e9rieures \u00e0 2.8\u003c/li\u003e \u003c/ul\u003e \u003cp\u003ePour les produits vuln\u00e9rables list\u00e9s ci-dessous, en l\u0027attente d\u0027un correctif, l\u0027\u00e9diteur recommande d\u0027appliquer un certain nombre de mesures d\u0027att\u00e9nuation :\u003c/p\u003e \u003cul\u003e \u003cli\u003eHMISCU Controller\u003c/li\u003e \u003cli\u003eModicon Controller LMC078\u003c/li\u003e \u003cli\u003eModicon Controller M241\u003c/li\u003e \u003cli\u003eModicon Controller M251\u003c/li\u003e \u003cli\u003eModicon Controller M262\u003c/li\u003e \u003cli\u003eModicon Controller M258\u003c/li\u003e \u003cli\u003eModicon Controller LMC058\u003c/li\u003e \u003cli\u003eModicon Controller M218\u003c/li\u003e \u003cli\u003ePacDrive 3 Controllers LMC\u003c/li\u003e \u003cli\u003eEco/Pro/Pro2\u003c/li\u003e \u003cli\u003eSoftSPS embedded in\u003c/li\u003e \u003cli\u003eEcoStruxure Machine Expert\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-29414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29414"
    },
    {
      "name": "CVE-2022-47384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47384"
    },
    {
      "name": "CVE-2022-47388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47388"
    },
    {
      "name": "CVE-2022-47379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47379"
    },
    {
      "name": "CVE-2022-47382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47382"
    },
    {
      "name": "CVE-2023-37199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37199"
    },
    {
      "name": "CVE-2022-47378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47378"
    },
    {
      "name": "CVE-2022-47386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47386"
    },
    {
      "name": "CVE-2022-47389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47389"
    },
    {
      "name": "CVE-2022-47380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47380"
    },
    {
      "name": "CVE-2022-47387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47387"
    },
    {
      "name": "CVE-2022-47391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47391"
    },
    {
      "name": "CVE-2022-47383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47383"
    },
    {
      "name": "CVE-2022-47381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47381"
    },
    {
      "name": "CVE-2022-47393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47393"
    },
    {
      "name": "CVE-2022-47390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47390"
    },
    {
      "name": "CVE-2023-37197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37197"
    },
    {
      "name": "CVE-2022-47392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47392"
    },
    {
      "name": "CVE-2022-47385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47385"
    },
    {
      "name": "CVE-2023-37196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37196"
    },
    {
      "name": "CVE-2023-37200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37200"
    },
    {
      "name": "CVE-2023-37198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37198"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0525",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-02 du 11 juillet 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-02.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-03 du 11 juillet 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-03.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-04 du 11 juillet 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-04.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-01 du 11 juillet 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    }
  ]
}

FKIE_CVE-2023-37199

Vulnerability from fkie_nvd - Published: 2023-07-12 08:15 - Updated: 2024-11-21 08:11

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cybersecurity@se.com	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	schneider-electric	struxureware_data_center_expert	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0F4FA6-8C57-494B-B6AB-5CF125AFBAEE",
              "versionEndIncluding": "7.9.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\n"
    }
  ],
  "id": "CVE-2023-37199",
  "lastModified": "2024-11-21T08:11:10.723",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-12T08:15:10.133",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    }
  ]
}

GHSA-V4V5-38HC-7H56

Vulnerability from github – Published: 2023-07-12 09:30 – Updated: 2024-04-04 06:02

Details

Severity ?

6.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-37199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-12T08:15:10Z",
    "severity": "HIGH"
  },
  "details": "\nA CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\n",
  "id": "GHSA-v4v5-38hc-7h56",
  "modified": "2024-04-04T06:02:17Z",
  "published": "2023-07-12T09:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37199"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-01.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-37199 (GCVE-0-2023-37199)

GSD-2023-37199

CERTFR-2023-AVI-0525

Solution

CERTFR-2023-AVI-0525

Solution

FKIE_CVE-2023-37199

GHSA-V4V5-38HC-7H56

Tags

Sightings

Nomenclature