VDB
SEVD-2023-129-01
SEVD-2023-129-01
PUBLISHED
CVSS 5 MEDIUM
Schneider Electric is aware of a vulnerability in its OPC Factory Server (OFS). OPC Factory Server (OFS) is a standards compliant server application allowing open, real-time access to Schneider Electric automation and electrical distribution devices connected to Ethernet networks or fieldbuses. Failure to apply the remediation provided below may risk exposure of sensitive information, which could cause unauthorized read access to the file system running the OPC Factory Server (OFS).
Risk Scores
CVSS 3.1
5
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric OPC Factory Server (OFS) version 3.63SP2 | ||
| Schneider Electric OPC Factory Server (OFS) versions prior to 3.63SP2 |
Exploit Intelligence
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-01.pdf (circl)
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2023-129-01.json (circl)
- https://www.se.com/us/en/download/document/7EN52-0390/ (circl)
- https://www.se.com/ww/en/product-range/547-opc-factory-server/#software-and-firmware (circl)
Timeline
- May 9, 2023 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-01.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2023-129-01.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://www.se.com/ww/en/product-range/547-opc-factory-server/#software-and-firmware fix