CVE-2023-27975

Summary

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Control ExpertVersions prior to v16.0affected
Schneider ElectricEcoStruxure Process ExpertVersions prior to v2023affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References