CVE-2023-5630

MEDIUM

Schneider-electric Eb450 Firmware - Download Without Integrity Check

Title source: rule
STIX 2.1

Description

A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.

References (1)

Scores

CVSS v3 6.5
EPSS 0.0010
EPSS Percentile 26.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-494
Status published
Products (16)
schneider-electric/eb450_firmware
schneider-electric/eb45e_firmware
schneider-electric/eh450_firmware
schneider-electric/eh45e_firmware
schneider-electric/er450_firmware
schneider-electric/er45e_firmware
schneider-electric/jr240_firmware
schneider-electric/jr900_firmware
schneider-electric/qb150_firmware < 2.7.0
schneider-electric/qb450_firmware < 2.7.0
... and 6 more
Published Dec 14, 2023
Tracked Since Feb 18, 2026