VDB
CVE-2023-3953
CVE-2023-3953
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX.
EPSS 0.07% · 22.0th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS Score
0.07%
22.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | GP-Pro EX WinGP for iPC | v4.09.450 and prior |
| Schneider Electric | GP-Pro EX WinGP for PC/AT | v4.09.450 and prior |
| schneider-electric | pro-face_gp-pro_ex | 0 |
Timeline
- Aug 9, 2023 CVE Published
- Aug 10, 2023 EPSS Score
- Sep 13, 2023 EPSS Score
- Oct 16, 2023 EPSS Score
- Nov 19, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
- Jan 25, 2024 EPSS Score
- Feb 28, 2024 EPSS Score
- Apr 1, 2024 EPSS Score
- May 5, 2024 EPSS Score
- Jun 7, 2024 EPSS Score
- Jul 11, 2024 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-220-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-220-01.pdf url
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-04.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-3953 advisory