ID

VAR-202304-1416


CVE

CVE-2023-28004


TITLE

Array index validation vulnerability in Schneider Electric PowerLogic HDPM6000 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-008896

DESCRIPTION

A CWE-129: Improper Validation of Array Index vulnerability exists where a specially crafted Ethernet request could result in denial of service (DoS) or remote code execution. Schneider Electric PowerLogic is industrial control equipment from the French company Schneider Electric. It improves power factor to improve power quality and helps troubleshoot power failures to protect networks, devices and operators. Schneider Electric PowerLogic HDPM6000 0.58.6 and earlier versions have an input validation error vulnerability. The vulnerability stems from incorrect validation of array indexes.

Trust: 2.25

sources: NVD: CVE-2023-28004 // JVNDB: JVNDB-2023-008896 // CNVD: CNVD-2023-34448 // VULMON: CVE-2023-28004

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-34448

AFFECTED PRODUCTS

vendor: schneider electric, model: powerlogic hdpm6000, scope: lte, version: 0.58.6

Trust: 1.0

vendor: schneider electric, model: powerlogic hdpm6000, scope: eq, version: -

Trust: 0.8

vendor: schneider electric, model: powerlogic hdpm6000, scope: lte, version: powerlogic hdpm6000 firmware 0.58.6 and earlier

Trust: 0.8

vendor: schneider electric, model: powerlogic hdpm6000, scope: -, version: -

Trust: 0.8

vendor: schneider, model: electric powerlogic hdpm6000, scope: lte, version: <=0.58.6

Trust: 0.6

sources: CNVD: CNVD-2023-34448 // JVNDB: JVNDB-2023-008896 // NVD: CVE-2023-28004

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-28004
value: CRITICAL

Trust: 1.0

cybersecurity@se.com: CVE-2023-28004
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-28004
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2023-34448
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202304-1576
value: CRITICAL

Trust: 0.6

CVSSV2

CNVD: CNVD-2023-34448
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-28004
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-28004
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-34448 // JVNDB: JVNDB-2023-008896 // CNNVD: CNNVD-202304-1576 // NVD: CVE-2023-28004 // NVD: CVE-2023-28004

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.0

problemtype:Improper validation of array indexes (CWE-129) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-008896 // NVD: CVE-2023-28004

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-1576

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202304-1576

PATCH

title: Patch for Schneider Electric PowerLogic Input Validation Error Vulnerability (CNVD-2023-34448)
url: https://www.cnvd.org.cn/patchInfo/show/420866

Trust: 0.6

title: Fix for Schneider Electric PowerLogic input validation error vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=235381

Trust: 0.6

sources: CNVD: CNVD-2023-34448 // CNNVD: CNNVD-202304-1576

EXTERNAL IDS

db: NVD, id: CVE-2023-28004

Trust: 3.9

db: SCHNEIDER, id: SEVD-2023-073-02

Trust: 2.5

db: JVNDB, id: JVNDB-2023-008896

Trust: 0.8

db: CNVD, id: CNVD-2023-34448

Trust: 0.6

db: CNNVD, id: CNNVD-202304-1576

Trust: 0.6

db: VULMON, id: CVE-2023-28004

Trust: 0.1

sources: CNVD: CNVD-2023-34448 // VULMON: CVE-2023-28004 // JVNDB: JVNDB-2023-008896 // CNNVD: CNNVD-202304-1576 // NVD: CVE-2023-28004

REFERENCES

url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-073-02&p_endoctype=security+and+safety+notice&p_file_name=sevd-2023-073-02.pdf

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-28004

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2023-28004/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/129.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-34448 // VULMON: CVE-2023-28004 // JVNDB: JVNDB-2023-008896 // CNNVD: CNNVD-202304-1576 // NVD: CVE-2023-28004

SOURCES

db: CNVD, id: CNVD-2023-34448
db: VULMON, id: CVE-2023-28004
db: JVNDB, id: JVNDB-2023-008896
db: CNNVD, id: CNNVD-202304-1576
db: NVD, id: CVE-2023-28004

LAST UPDATE DATE

2024-08-14T15:16:06.092000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-34448, date: 2023-05-08T00:00:00
db: VULMON, id: CVE-2023-28004, date: 2023-04-19T00:00:00
db: JVNDB, id: JVNDB-2023-008896, date: 2023-12-04T03:44:00
db: CNNVD, id: CNNVD-202304-1576, date: 2023-05-04T00:00:00
db: NVD, id: CVE-2023-28004, date: 2023-04-28T13:24:07.207

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-34448, date: 2023-04-27T00:00:00
db: VULMON, id: CVE-2023-28004, date: 2023-04-18T00:00:00
db: JVNDB, id: JVNDB-2023-008896, date: 2023-12-04T00:00:00
db: CNNVD, id: CNNVD-202304-1576, date: 2023-04-18T00:00:00
db: NVD, id: CVE-2023-28004, date: 2023-04-18T22:15:07.350