SEVD-2023-346-01 — Vulnetix

SEVD-2023-346-01 PUBLISHED CVSS 8.199999809265137 HIGH

Schneider Electric is aware of multiple vulnerabilities in its Trio Licensed and License-Free Data Radio products. The Trio Licensed Radio products are designed to provide complete, versatile, and high availability system solutions for long range wireless data communications in SCADA and remote telemetry applications. The Trio License-Free Radio products are a range of frequency-hopping Ethernet and Serial Data Radios operating in the license-free 900Mhz and 2.4 Ghz band and designed with versatility and flexibility in mind. Failure to apply the remediations and mitigations provided below may risk disclosure of information, or potential installation of malicious code.

Risk Scores

CVSS v3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Affected Products

Vendor	Product	Versions
	Schneider Electric Trio Q-Series Ethernet Data Radio All Versions
	Schneider Electric Trio E-Series Ethernet Data Radio All Versions
	Schneider Electric Trio J-Series Ethernet Data Radio version 3.8.3
	Schneider Electric Trio J-Series Ethernet Data Radio versions prior to 3.8.3
	Schneider Electric Trio Q-Series Ethernet Data Radio version 2.7.0
	Schneider Electric Trio Q-Series prior to V2.7.0
	Schneider Electric Trio J-Series Ethernet Data Radio All Versions

Timeline

Dec 12, 2023 CVE Published
Apr 9, 2024 CVE Updated

References

Open in Interactive Console →