A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability exists that could cause a file system enumeration and file download when an
attacker navigates to the Network Management Card via HTTPS.
References
Configurations
History
30 Nov 2023, 15:17
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:schneider-electric:galaxy_vl:-:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:galaxy_vs_firmware:6.82:*:*:*:*:*:*:* cpe:2.3:o:schneider-electric:galaxy_vl_firmware:12.21:*:*:*:*:*:*:* cpe:2.3:h:schneider-electric:galaxy_vs:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
| First Time |
Schneider-electric galaxy Vl Firmware
Schneider-electric Schneider-electric galaxy Vs Firmware Schneider-electric galaxy Vs Schneider-electric galaxy Vl |
|
| References | () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-03.pdf - Vendor Advisory |
15 Nov 2023, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-15 04:15
Updated : 2023-11-30 15:17
NVD link : CVE-2023-6032
Mitre link : CVE-2023-6032
JSON object : View
Products Affected
schneider-electric
- galaxy_vs_firmware
- galaxy_vl_firmware
- galaxy_vs
- galaxy_vl
CWE
No CWE.