CVE-2023-5985

{"id": "CVE-2023-5985", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}, {"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2023-11-15T04:15:19.290", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "\n\n\nA CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability\nexists that could cause compromise of a user\u2019s browser when an attacker with admin privileges\nhas modified system values.\n\n\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-79: Neutralizaci\u00f3n Inadecuada de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web que podr\u00eda comprometer el navegador de un usuario cuando un atacante con privilegios de administrador ha modificado los valores del sistema."}], "lastModified": "2023-11-21T20:08:25.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DA97CA0-DDE0-4418-9D72-7D463C003693"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:ion8650_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F157E99-370C-46CD-BB4F-88BC5B55E8B0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B3449157-3715-4D89-A3BD-49EE47160B25"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:ion8800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1936E11C-833A-4E02-A0F9-D53E12FB88D5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}