CVE-2023-3953
https://notcve.org/view.php?id=CVE-2023-3953
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-29414
https://notcve.org/view.php?id=CVE-2023-29414
A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-03.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-37199
https://notcve.org/view.php?id=CVE-2023-37199
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-37198
https://notcve.org/view.php?id=CVE-2023-37198
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-37197
https://notcve.org/view.php?id=CVE-2023-37197
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •