8.8
CVE-2023-29410
- EPSS 0.12%
- Veröffentlicht 18.04.2023 22:15:08
- Zuletzt bearbeitet 21.11.2024 07:57:00
- Quelle cybersecurity@se.com
- Teams Watchlist Login
- Unerledigt Login
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Schneider-electric ≫ Insighthome Firmware Version < 1.16
Schneider-electric ≫ Insighthome Firmware Version1.16 Update-
Schneider-electric ≫ Insighthome Firmware Version1.16 Updatebuild_004
Schneider-electric ≫ Insightfacility Firmware Version < 1.16
Schneider-electric ≫ Insightfacility Firmware Version1.16 Update-
Schneider-electric ≫ Insightfacility Firmware Version1.16 Updatebuild_004
Schneider-electric ≫ Conext Gateway Firmware Version < 1.16
Schneider-electric ≫ Conext Gateway Firmware Version1.16 Update-
Schneider-electric ≫ Conext Gateway Firmware Version1.16 Updatebuild_004
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.316 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cybersecurity@se.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.