CVSS: 7.5 | EPSS: 0% | CPEs: 61 | EXPL: 0

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)
• https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 | EPSS: 0% | CPEs: 72 | EXPL: 0

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)
• https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf
• CWE-294: Authentication Bypass by Capture-replay

CVSS: 9.1 | EPSS: 0% | CPEs: 61 | EXPL: 0

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port.
• https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf
• CWE-863: Incorrect Authorization

CVSS: 9.8 | EPSS: 0% | CPEs: 12 | EXPL: 0

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)
• https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf
• CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause the system's configuration to be overridden and cause a reboot loop when the product suffers from POST-based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions)
• https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf
• CWE-352: Cross-Site Request Forgery (CSRF)