← Back

CVE-2023-29410

nvd nist
Published: Apr 18, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.

Affected (9)

Schneider Electric
3 products
Insighthome Firmware
Insightfacility Firmware
Conext Gateway Firmware
Configuration A
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Insighthome Firmware
Before 1.16
Insighthome Firmware
Version 1.16
Insighthome Firmware
Version 1.16 build_004
Running on/withPlatform Versions
Schneider Electric
Insighthome
All versions
Configuration B
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Insightfacility Firmware
Before 1.16
Insightfacility Firmware
Version 1.16
Insightfacility Firmware
Version 1.16 build_004
Running on/withPlatform Versions
Schneider Electric
Insightfacility
All versions
Configuration C
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Conext Gateway Firmware
Before 1.16
Conext Gateway Firmware
Version 1.16
Conext Gateway Firmware
Version 1.16 build_004
Running on/withPlatform Versions
Schneider Electric
Conext Gateway
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: cybersecurity@se.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.