CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-25619
https://notcve.org/view.php?id=CVE-2023-25619
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28004
https://notcve.org/view.php?id=CVE-2023-28004
A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-02.pdf • CWE-129: Improper Validation of Array Index •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-29410
https://notcve.org/view.php?id=CVE-2023-29410
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-02.pdf • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28003
https://notcve.org/view.php?id=CVE-2023-28003
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-01.pdf • CWE-613: Insufficient Session Expiration •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25555
https://notcve.org/view.php?id=CVE-2023-25555
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •