CVE-2023-3953

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*

History

15 Aug 2023, 15:40

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex::::::::
References	~~(MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf -~~	(MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf - Vendor Advisory

09 Aug 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-09 15:15

Updated : 2024-02-05 00:01

NVD link : CVE-2023-3953

Mitre link : CVE-2023-3953

CVE.ORG link : CVE-2023-3953

JSON object : View

Products Affected

schneider-electric

pro-face_gp-pro_ex

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2023-3953", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}]}, "published": "2023-08-09T15:15:09.623", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "\nA CWE-119: Improper Restriction of Operations within the Bounds of a Memory\nBuffer vulnerability exists that could cause memory corruption when an authenticated user\nopens a tampered log file from GP-Pro EX."}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-119: Restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria que podr\u00eda provocar da\u00f1os en la memoria cuando un usuario autenticado abre un archivo de registro manipulado desde GP-Pro EX."}], "lastModified": "2023-08-15T15:40:42.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:pro-face_gp-pro_ex:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CED20D73-6B2A-42AE-AFC8-C28284E88E5E", "versionEndExcluding": "4.09.500"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}