cvelistv5 - cve-2023-3953

CVE-2023-3953 (GCVE-0-2023-3953)

Vulnerability from cvelistv5 – Published: 2023-08-09 14:02 – Updated: 2024-10-09 18:10

Summary

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

schneider

References

URL

Tags

https://download.schneider-electric.com/files?p_D…

Impacted products

Vendor

Product

Version

Schneider Electric

GP-Pro EX WinGP for iPC

Affected: v4.09.450 and prior

Schneider Electric

GP-Pro EX WinGP for PC/AT

Affected: v4.09.450 and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T17:55:24.434489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T18:10:11.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GP-Pro EX WinGP for iPC",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "v4.09.450 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GP-Pro EX WinGP for PC/AT",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "v4.09.450 and prior"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T13:56:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
            }
          ],
          "value": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-09T14:02:44.472Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-3953",
    "datePublished": "2023-08-09T14:02:44.472Z",
    "dateReserved": "2023-07-26T08:14:55.340Z",
    "dateUpdated": "2024-10-09T18:10:11.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.09.500\", \"matchCriteriaId\": \"CED20D73-6B2A-42AE-AFC8-C28284E88E5E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\\nopens a tampered log file from GP-Pro EX.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad CWE-119: Restricci\\u00f3n inadecuada de operaciones dentro de los l\\u00edmites de un b\\u00fafer de memoria que podr\\u00eda provocar da\\u00f1os en la memoria cuando un usuario autenticado abre un archivo de registro manipulado desde GP-Pro EX.\"}]",
      "id": "CVE-2023-3953",
      "lastModified": "2024-11-21T08:18:23.407",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cybersecurity@se.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.4}]}",
      "published": "2023-08-09T15:15:09.623",
      "references": "[{\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-3953\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2023-08-09T15:15:09.623\",\"lastModified\":\"2024-11-21T08:18:23.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\\nopens a tampered log file from GP-Pro EX.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad CWE-119: Restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria que podr\u00eda provocar da\u00f1os en la memoria cuando un usuario autenticado abre un archivo de registro manipulado desde GP-Pro EX.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.09.500\",\"matchCriteriaId\":\"CED20D73-6B2A-42AE-AFC8-C28284E88E5E\"}]}]}],\"references\":[{\"url\":\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:08:50.790Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3953\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-09T17:55:24.434489Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-09T18:10:06.506Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Schneider Electric\", \"product\": \"GP-Pro EX WinGP for iPC\", \"versions\": [{\"status\": \"affected\", \"version\": \"v4.09.450 and prior\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Schneider Electric\", \"product\": \"GP-Pro EX WinGP for PC/AT\", \"versions\": [{\"status\": \"affected\", \"version\": \"v4.09.450 and prior\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-08-08T13:56:00.000Z\", \"references\": [{\"url\": \"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\\nopens a tampered log file from GP-Pro EX.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\\nopens a tampered log file from GP-Pro EX.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\"}]}], \"providerMetadata\": {\"orgId\": \"076d1eb6-cfab-4401-b34d-6dfc2a413bdb\", \"shortName\": \"schneider\", \"dateUpdated\": \"2023-08-09T14:02:44.472Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-3953\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-09T18:10:11.842Z\", \"dateReserved\": \"2023-07-26T08:14:55.340Z\", \"assignerOrgId\": \"076d1eb6-cfab-4401-b34d-6dfc2a413bdb\", \"datePublished\": \"2023-08-09T14:02:44.472Z\", \"assignerShortName\": \"schneider\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2023-64088

Vulnerability from cnvd - Published: 2023-08-23

Title

Schneider Electric Pro-face GP-Pro EX存在缓冲区溢出漏洞

Description

Schneider Electric GP-Pro EX是法国施耐德电气（Schneider Electric）公司的一套HMI界面编辑和逻辑编程软件。 Schneider Electric Pro-face GP-Pro EX存在缓冲区溢出漏洞。该漏洞源于内存缓冲区范围内操作不当限制，攻击者可利用该漏洞导致内存损坏。

Severity

中

Patch Name

Schneider Electric GP-Pro EX缓冲区溢出漏洞的补丁

Patch Description

Schneider Electric GP-Pro EX是法国施耐德电气（Schneider Electric）公司的一套HMI界面编辑和逻辑编程软件。 Schneider Electric GP-Pro EX存在缓冲区溢出漏洞。该漏洞源于内存缓冲区范围内操作不当限制，攻击者可利用该漏洞导致内存损坏。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.1

Reference

https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9

Impacted products

Name
Schneider Electric Pro-face GP-Pro EX <4.09.500

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-3953",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-3953"
    }
  },
  "description": "Schneider Electric GP-Pro EX\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957HMI\u754c\u9762\u7f16\u8f91\u548c\u903b\u8f91\u7f16\u7a0b\u8f6f\u4ef6\u3002\n\nSchneider Electric Pro-face GP-Pro EX\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u5b58\u7f13\u51b2\u533a\u8303\u56f4\u5185\u64cd\u4f5c\u4e0d\u5f53\u9650\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5185\u5b58\u635f\u574f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/PrestaShop/PrestaShop/releases/tag/8.1.1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-64088",
  "openTime": "2023-08-23",
  "patchDescription": "Schneider Electric GP-Pro EX\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957HMI\u754c\u9762\u7f16\u8f91\u548c\u903b\u8f91\u7f16\u7a0b\u8f6f\u4ef6\u3002\r\n\r\nSchneider Electric GP-Pro EX\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u5b58\u7f13\u51b2\u533a\u8303\u56f4\u5185\u64cd\u4f5c\u4e0d\u5f53\u9650\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5185\u5b58\u635f\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric GP-Pro EX\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Schneider Electric Pro-face GP-Pro EX \u003c4.09.500"
  },
  "referenceLink": "https://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9",
  "serverity": "\u4e2d",
  "submitTime": "2023-08-14",
  "title": "Schneider Electric Pro-face GP-Pro EX\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GHSA-W9VH-F798-WVVC

Vulnerability from github – Published: 2023-08-09 15:30 – Updated: 2024-04-04 06:44

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-3953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-09T15:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX.",
  "id": "GHSA-w9vh-f798-wvvc",
  "modified": "2024-04-04T06:44:31Z",
  "published": "2023-08-09T15:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3953"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2023-AVI-0632

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	EcoStruxure™ Process Expert toutes versions
Schneider Electric	N/A	Harmony et Easy Harmony, Vijeo Designer embarqué dans EcoStruxure™ Machine Expert toutes versions
Schneider Electric	N/A	GP-Pro EX WinGP pour iPC et PC/AT versions antérieures à 4.09.500

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2023-192-04 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-010-06 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-010-05 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-220-01 du 8 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "EcoStruxure\u2122 Process Expert toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Harmony et Easy Harmony, Vijeo Designer embarqu\u00e9 dans EcoStruxure\u2122 Machine Expert toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "GP-Pro EX WinGP pour iPC et PC/AT versions ant\u00e9rieures \u00e0 4.09.500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-37549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37549"
    },
    {
      "name": "CVE-2023-3953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3953"
    },
    {
      "name": "CVE-2023-37550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37550"
    },
    {
      "name": "CVE-2023-37556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37556"
    },
    {
      "name": "CVE-2022-4046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4046"
    },
    {
      "name": "CVE-2023-37558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37558"
    },
    {
      "name": "CVE-2023-3662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3662"
    },
    {
      "name": "CVE-2023-37559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37559"
    },
    {
      "name": "CVE-2023-37548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37548"
    },
    {
      "name": "CVE-2023-37545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37545"
    },
    {
      "name": "CVE-2023-37557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37557"
    },
    {
      "name": "CVE-2023-37555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37555"
    },
    {
      "name": "CVE-2023-28355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28355"
    },
    {
      "name": "CVE-2023-3670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3670"
    },
    {
      "name": "CVE-2023-37553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37553"
    },
    {
      "name": "CVE-2023-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3669"
    },
    {
      "name": "CVE-2022-45789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45789"
    },
    {
      "name": "CVE-2023-37554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37554"
    },
    {
      "name": "CVE-2022-45788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45788"
    },
    {
      "name": "CVE-2023-37552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37552"
    },
    {
      "name": "CVE-2023-37551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37551"
    },
    {
      "name": "CVE-2023-37546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37546"
    },
    {
      "name": "CVE-2023-37547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37547"
    },
    {
      "name": "CVE-2023-3663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3663"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0632",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-08T00:00:00.000000"
    },
    {
      "description": "Ajoout des vuln\u00e9rabilit\u00e9s list\u00e9es par CODESYS.",
      "revision_date": "2023-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-04 du 8 ao\u00fbt 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-04.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-010-06 du 8 ao\u00fbt 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-010-05 du 8 ao\u00fbt 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-220-01 du 8 ao\u00fbt 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
    }
  ]
}

CERTFR-2023-AVI-0632

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	EcoStruxure™ Process Expert toutes versions
Schneider Electric	N/A	Harmony et Easy Harmony, Vijeo Designer embarqué dans EcoStruxure™ Machine Expert toutes versions
Schneider Electric	N/A	GP-Pro EX WinGP pour iPC et PC/AT versions antérieures à 4.09.500

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2023-192-04 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-010-06 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-010-05 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2023-220-01 du 8 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "EcoStruxure\u2122 Process Expert toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Harmony et Easy Harmony, Vijeo Designer embarqu\u00e9 dans EcoStruxure\u2122 Machine Expert toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "GP-Pro EX WinGP pour iPC et PC/AT versions ant\u00e9rieures \u00e0 4.09.500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-37549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37549"
    },
    {
      "name": "CVE-2023-3953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3953"
    },
    {
      "name": "CVE-2023-37550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37550"
    },
    {
      "name": "CVE-2023-37556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37556"
    },
    {
      "name": "CVE-2022-4046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4046"
    },
    {
      "name": "CVE-2023-37558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37558"
    },
    {
      "name": "CVE-2023-3662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3662"
    },
    {
      "name": "CVE-2023-37559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37559"
    },
    {
      "name": "CVE-2023-37548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37548"
    },
    {
      "name": "CVE-2023-37545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37545"
    },
    {
      "name": "CVE-2023-37557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37557"
    },
    {
      "name": "CVE-2023-37555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37555"
    },
    {
      "name": "CVE-2023-28355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28355"
    },
    {
      "name": "CVE-2023-3670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3670"
    },
    {
      "name": "CVE-2023-37553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37553"
    },
    {
      "name": "CVE-2023-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3669"
    },
    {
      "name": "CVE-2022-45789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45789"
    },
    {
      "name": "CVE-2023-37554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37554"
    },
    {
      "name": "CVE-2022-45788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45788"
    },
    {
      "name": "CVE-2023-37552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37552"
    },
    {
      "name": "CVE-2023-37551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37551"
    },
    {
      "name": "CVE-2023-37546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37546"
    },
    {
      "name": "CVE-2023-37547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37547"
    },
    {
      "name": "CVE-2023-3663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3663"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0632",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-08T00:00:00.000000"
    },
    {
      "description": "Ajoout des vuln\u00e9rabilit\u00e9s list\u00e9es par CODESYS.",
      "revision_date": "2023-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-04 du 8 ao\u00fbt 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-04.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-010-06 du 8 ao\u00fbt 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-010-05 du 8 ao\u00fbt 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-220-01 du 8 ao\u00fbt 2023",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
    }
  ]
}

GSD-2023-3953

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-3953

Aliases

CVE-2023-3953

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-3953",
    "id": "GSD-2023-3953"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-3953"
      ],
      "details": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX.",
      "id": "GSD-2023-3953",
      "modified": "2023-12-13T01:20:54.292964Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2023-3953",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GP-Pro EX WinGP for iPC",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "v4.09.450 and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "GP-Pro EX WinGP for PC/AT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "v4.09.450 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schneider Electric"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-119",
                "lang": "eng",
                "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf",
            "refsource": "MISC",
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.09.500",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2023-3953"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2023-08-15T15:40Z",
      "publishedDate": "2023-08-09T15:15Z"
    }
  }
}

FKIE_CVE-2023-3953

Vulnerability from fkie_nvd - Published: 2023-08-09 15:15 - Updated: 2024-11-21 08:18

Severity ?

5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Summary

References

	URL	Tags
	cybersecurity@se.com	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	schneider-electric	pro-face_gp-pro_ex	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CED20D73-6B2A-42AE-AFC8-C28284E88E5E",
              "versionEndExcluding": "4.09.500",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-119: Restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria que podr\u00eda provocar da\u00f1os en la memoria cuando un usuario autenticado abre un archivo de registro manipulado desde GP-Pro EX."
    }
  ],
  "id": "CVE-2023-3953",
  "lastModified": "2024-11-21T08:18:23.407",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.4,
        "source": "cybersecurity@se.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-09T15:15:09.623",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-220-01.pdf"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202308-2035

Vulnerability from variot - Updated: 2024-01-20 23:18

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. Schneider Electric of Pro-Face GP-Pro EX Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Schneider Electric GP-Pro EX is a set of HMI interface editing and logic programming software from the French Schneider Electric company.

Schneider Electric Pro-face GP-Pro EX has a buffer overflow vulnerability

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2035",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pro-face gp-pro ex",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "4.09.500"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "4.09.500"
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "pro-face gp-pro ex",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric pro-face gp-pro ex",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "4.09.500"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.09.500",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "cve": "CVE-2023-3953",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2023-64088",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2023-3953",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-3953",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "cybersecurity@se.com",
            "id": "CVE-2023-3953",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-64088",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX. Schneider Electric of Pro-Face GP-Pro EX Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Schneider Electric GP-Pro EX is a set of HMI interface editing and logic programming software from the French Schneider Electric company. \n\r\n\r\nSchneider Electric Pro-face GP-Pro EX has a buffer overflow vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-3953"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-3953",
        "trust": 3.3
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2023-220-01",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-3953",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-3953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "id": "VAR-202308-2035",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      }
    ]
  },
  "last_update_date": "2024-01-20T23:18:08.343000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patches for Schneider Electric GP-Pro EX Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/452181"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      },
      {
        "problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-220-01\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-220-01.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3953"
      },
      {
        "trust": 0.6,
        "url": "https://github.com/prestashop/prestashop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-3953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-3953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "date": "2023-08-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-3953"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "date": "2023-08-09T15:15:09.623000",
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-64088"
      },
      {
        "date": "2023-08-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-3953"
      },
      {
        "date": "2024-01-19T06:25:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      },
      {
        "date": "2023-08-15T15:40:42.007000",
        "db": "NVD",
        "id": "CVE-2023-3953"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider\u00a0Electric\u00a0 of \u00a0Pro-Face\u00a0GP-Pro\u00a0EX\u00a0 Buffer error vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021506"
      }
    ],
    "trust": 0.8
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-3953 (GCVE-0-2023-3953)

CNVD-2023-64088

GHSA-W9VH-F798-WVVC

CERTFR-2023-AVI-0632

Solution

CERTFR-2023-AVI-0632

Solution

GSD-2023-3953

FKIE_CVE-2023-3953

VAR-202308-2035

Tags

Sightings

Nomenclature