CVE-2013-0655

EPSS 1.58%
Published 21.01.2013 16:55:01
Last modified 11.04.2025 00:51:21
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Software Update Utility Version1.0

Schneider-electric ≫ Software Update Utility Version1.0.13

Schneider-electric ≫ Software Update Utility Version1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.58%	0.799

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.schneider-electric.com/download/ww/en/details/29960967-SE-Software-Update-Utility-Vulnerability-Disclosure/?reference=SEVD-2013-009-01

http://www.us-cert.gov/control_systems/pdf/ICSA-13-016-01.pdf

US Government Resource

http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2013/01/20130109_advisory_of_vulnerability_affecting_schneider_electric_s_software_upda.xml

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-0655

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0655

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0655

EUVD