CVE-2023-6409

Summary

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Control ExpertVersions prior to v16.0affected
Schneider ElectricEcoStruxure Process ExpertVersions prior to v2023affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References