CVE-2023-5629 — HIGH (8.2) — White Hats Nepal

Q: What is CVE-2023-5629?

CVE-2023-5629 is a vulnerability with a CVSS score of 8.2 (HIGH). A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.

Q: How severe is CVE-2023-5629?

CVE-2023-5629 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5629?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Eb450 Firmware, Schneider-Electric Eb450, Schneider-Electric Eb45E Firmware, Schneider-Electric Eb45E, Schneider-Electric Eh450 Firmware.

Vulnerability Description

A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Schneider-Electric	Eb450 Firmware	-
Schneider-Electric	Eb450	-
Schneider-Electric	Eb45E Firmware	-
Schneider-Electric	Eb45E	-
Schneider-Electric	Eh450 Firmware	-
Schneider-Electric	Eh450	-
Schneider-Electric	Eh45E Firmware	-
Schneider-Electric	Eh45E	-
Schneider-Electric	Er450 Firmware	-
Schneider-Electric	Er450	-
Schneider-Electric	Er45E Firmware	-
Schneider-Electric	Er45E	-
Schneider-Electric	Jr240 Firmware	-
Schneider-Electric	Jr240	-
Schneider-Electric	Jr900 Firmware	-
Schneider-Electric	Jr900	-
Schneider-Electric	Qr450 Firmware	< 2.7.0
Schneider-Electric	Qr450	-
Schneider-Electric	Qr150 Firmware	< 2.7.0
Schneider-Electric	Qr150	-

Related Weaknesses (CWE)

CWE-601

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01&p_enDocVendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-01&p_enDocVendor Advisory

FAQ

What is CVE-2023-5629?

CVE-2023-5629 is a vulnerability with a CVSS score of 8.2 (HIGH). A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.

How severe is CVE-2023-5629?

CVE-2023-5629 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5629?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Eb450 Firmware, Schneider-Electric Eb450, Schneider-Electric Eb45E Firmware, Schneider-Electric Eb45E, Schneider-Electric Eh450 Firmware.