CVE-2023-5630 (GCVE-0-2023-5630)
Vulnerability from cvelistv5
Published
2023-12-14 04:49
Modified
2024-08-02 08:07
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CWE
  • CWE-494 - Download of Code Without Integrity Check
Summary
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.
References
Impacted products
Vendor Product Version
Schneider Electric Trio Q-Series Ethernet Data Radio Version: All versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:07:32.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-346-01.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Trio Q-Series Ethernet Data Radio",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Trio E-Series Ethernet Data Radio",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Trio J-Series Ethernet Data Radio",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nA CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a\nprivileged user to install an untrusted firmware.\n\n\n\n"
            }
          ],
          "value": "\n\n\nA CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a\nprivileged user to install an untrusted firmware.\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-494",
              "description": "CWE-494 Download of Code Without Integrity Check",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-14T04:49:38.476Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-346-01.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2023-5630",
    "datePublished": "2023-12-14T04:49:38.476Z",
    "dateReserved": "2023-10-18T06:16:44.486Z",
    "dateUpdated": "2024-08-02T08:07:32.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-5630\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2023-12-14T05:15:13.663\",\"lastModified\":\"2024-11-21T08:42:09.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\n\\n\\nA CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a\\nprivileged user to install an untrusted firmware.\\n\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad CWE-494: Descarga de c\u00f3digo sin verificaci\u00f3n de integridad que podr\u00eda permitir a un usuario privilegiado instalar un firmware que no es de confianza.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-494\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:eb450_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21062F1C-3DFF-423E-B877-9EC4A7512C8F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:eb450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93C4743E-EA8F-41F7-B927-59119186EE58\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:eb45e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F87662D7-090B-4102-97EA-953E82EDC6D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:eb45e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F330AF13-C6E6-4BC3-80B1-717D755CB304\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:eh450_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02F28552-804B-4E93-9C0B-459432F4C7D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:eh450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A3352D-B514-4A6F-88F9-B22FC87B223A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:eh45e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"030A8208-5ABB-4F4D-BF37-70A8FB0F99E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:eh45e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C624E8B-75CF-4176-B74B-1132B4CBDB65\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:er450_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"944C4A5F-5CBA-4169-8ED9-DC3BAF5EEC04\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:er450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70F26352-CB68-4674-B71F-697E86D36217\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:er45e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9A097E0-13E2-45F2-AF8E-E5EA4D1AEE7D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:er45e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59E1DDCC-E95A-4FBF-99AD-3225DD03C0F1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:jr240_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"644B0D04-1D2B-42BF-A43F-9155DE63BCE4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:jr240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CAB2776-BC11-4CD5-B0AE-EFCB89D04C86\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:jr900_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36FE5F9E-FDA4-40C6-82A5-27CAA02B3D04\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:jr900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D30DB44F-D82C-4072-82EF-9BC9D2EC27C5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:qr450_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"C186BF8E-C108-4689-A34A-324A95CF589F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:qr450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC2441EF-2DD9-4174-8421-3F521F96CE1F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:qr150_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"50B32D14-79D7-45FB-8C11-7B95B37083A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:qr150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49302836-DFBE-454A-AB83-4638CB684BF1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:qb450_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"74F7A88E-A0BB-43B5-B54F-385A02790FE3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:qb450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"004A77A5-5E91-4EDA-A10D-F03932B2A873\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:qb150_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"67092820-EB7F-475C-903D-9A0B0AF34CD9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:qb150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D82FD907-1946-4E02-9AAE-749D8DDF766D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:qp450_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"8F7B149E-AA67-4F69-A620-385AEB48832A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:qp450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FE6FD95-99FA-4A74-840F-D3E32FF48166\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:qp150_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"FF6C3BE6-A707-4779-AE91-A6993994627E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:qp150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BE803BD-F5A3-4BB4-995B-02E395E667F5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:qh450_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"BEF6A365-9AF7-4D1C-ACBF-C607EB78F0AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:qh450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AA4D76-E32C-4EE5-B36F-6DF1827B35DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:qh150_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.0\",\"matchCriteriaId\":\"7F4EA25C-AD2C-4610-8159-5A4FA8F1F008\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:qh150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A5ABB78-4B7E-4C24-BA89-8798059B3B56\"}]}]}],\"references\":[{\"url\":\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-346-01.pdf\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-346-01.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.