PT-2023-3117 · Schneider Electric+1 · Schneider Electric Ecostruxure Operator Terminal Expert+1
Published: 2023-06-13 · Updated: 2023-08-15 · CVE-2023-1049
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Schneider Electric EcoStruxure Operator Terminal Expert (affected versions not specified)
Pro-face BLUE (affected versions not specified)
Description
A code injection vulnerability exists, potentially allowing the execution of malicious code when a user loads a project file from the local filesystem into the HMI. This issue is related to improper control of code generation and could enable an attacker to execute arbitrary code by loading a specially crafted project file.
Recommendations
For Schneider Electric EcoStruxure Operator Terminal Expert, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Pro-face BLUE, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Affected Products
Pro-Face Blue
Schneider Electric Ecostruxure Operator Terminal Expert