CVE-2019-6823
CRITICALProClima < 8.0.0 - Unauthenticated Remote Code Execution
Title source: llmDescription
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.schneider-electric.com/en/download/document/SEVD-2019-162-01/
Scores
CVSS v3
9.8
EPSS
0.0963
EPSS Percentile
93.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
schneider-electric/proclima
< 8.0.0
Published
Jul 15, 2019
Tracked Since
Feb 18, 2026