8.8
CVE-2023-29410
- EPSS 0.12%
- Published 18.04.2023 22:15:08
- Last modified 21.11.2024 07:57:00
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Insighthome Firmware Version < 1.16
Schneider-electric ≫ Insighthome Firmware Version1.16 Update-
Schneider-electric ≫ Insighthome Firmware Version1.16 Updatebuild_004
Schneider-electric ≫ Insightfacility Firmware Version < 1.16
Schneider-electric ≫ Insightfacility Firmware Version1.16 Update-
Schneider-electric ≫ Insightfacility Firmware Version1.16 Updatebuild_004
Schneider-electric ≫ Conext Gateway Firmware Version < 1.16
Schneider-electric ≫ Conext Gateway Firmware Version1.16 Update-
Schneider-electric ≫ Conext Gateway Firmware Version1.16 Updatebuild_004
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.316 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cybersecurity@se.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.