Vulnerability Description
The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Software Update Utility | 1.0 |
Related Weaknesses (CWE)
References
- http://www.schneider-electric.com/download/ww/en/details/29960967-SE-Software-Up
- http://www.us-cert.gov/control_systems/pdf/ICSA-13-016-01.pdfUS Government Resource
- http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-newVendor Advisory
- http://www.schneider-electric.com/download/ww/en/details/29960967-SE-Software-Up
- http://www.us-cert.gov/control_systems/pdf/ICSA-13-016-01.pdfUS Government Resource
- http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-newVendor Advisory
FAQ
What is CVE-2013-0655?
CVE-2013-0655 is a vulnerability with a CVSS score of 9.3 (HIGH). The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequ...
How severe is CVE-2013-0655?
CVE-2013-0655 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0655?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Software Update Utility.