NVD

Id
36957  
Name
CVE-2013-0655  
Description
The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-18  
Published
2013-01-21  
Modified Date
2013-01-22  
Seq
2013-0655  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
189011 36957 CVE-2013-0655 http://www.schneider-electric.com/download/ww/en/details/29960967-SE-Software-Update-Utility-Vulnerability-Disclosure/?reference=SEVD-2013-009-01  View
189012 36957 CVE-2013-0655 http://www.us-cert.gov/control_systems/pdf/ICSA-13-016-01.pdf  View
189013 36957 CVE-2013-0655 http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2013/01/20130109_advisory_of_vulnerability_affecting_schneider_electric_s_software_upda.xml  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
19646 JVNDB-2013-001221 Schneider Electric Software Update Utility のクライアントにおける任意のコードを実行される脆弱性 Schneider Electric Software Update (SESU) Utility のクライアントは、アップデートの真正性を確認しないため、アップデートを装って任意のコードを実行される脆弱性が存在します。 CVE-2013-0655 60597 CVE-2013-0655 36957 9.3 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001221.html 2013-01-09 2013-01-23 View