Vulnerability Description
A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Powerlogic Hdpm6000 Firmware | <= 0.58.6 |
| Schneider-Electric | Powerlogic Hdpm6000 | - |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-02&p_enDocPatchVendor Advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-02&p_enDocPatchVendor Advisory
FAQ
What is CVE-2023-28004?
CVE-2023-28004 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution.
How severe is CVE-2023-28004?
CVE-2023-28004 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-28004?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Powerlogic Hdpm6000 Firmware, Schneider-Electric Powerlogic Hdpm6000.