Schneider-electric - Software Update Utility CVE

Filtered by vendor Schneider-electric Subscribe

Filtered by product Software Update Utility

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2013-0655	1 Schneider-electric	1 Software Update Utility	2013-01-22	9.3 HIGH	N/A
The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.

Vulnerabilities (CVE)