Severity
High
Analysis Summary
CVE-2023-5629 CVSS:8.2
Schneider Electric Trio Ethernet Data Radio products could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVE-2023-5630 CVSS:6.5
Schneider Electric Trio Ethernet Data Radio products could allow a remote authenticated attacker to bypass security restrictions, caused by a lack of integrity check when downloading code. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions to install untrusted firmware.
Impact
- Gain Access
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-5629
- CVE-2023-5630
Affected Vendors
Schneider Electric
Affected Products
- Schneider Electric Trio Q-Series Ethernet Data Radio
- Schneider Electric Trio E-Series Ethernet Data Radio
- Schneider Electric Trio J-Series Ethernet Data Radio
Remediation
Refer to Schneider Electric Security Advisory for patch, upgrade or suggested workaround information.