CVE-2023-6032 — MEDIUM (5.3)

Vulnerability Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Schneider-Electric	Galaxy Vl Firmware	12.21
Schneider-Electric	Galaxy Vl	-
Schneider-Electric	Galaxy Vs Firmware	6.82
Schneider-Electric	Galaxy Vs	-

Related Weaknesses (CWE)

CWE-22

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-03&p_enDocVendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-03&p_enDocVendor Advisory

FAQ

What is CVE-2023-6032?

CVE-2023-6032 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates t...

How severe is CVE-2023-6032?

CVE-2023-6032 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6032?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Galaxy Vl Firmware, Schneider-Electric Galaxy Vl, Schneider-Electric Galaxy Vs Firmware, Schneider-Electric Galaxy Vs.