CVE-2023-27975

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name	Vendor	Start Version	End Version
Ecostruxure_control_expert	Schneider-electric	*	16.0 (excluding)
Ecostruxure_process_expert	Schneider-electric	*	2023 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/102.html
https://cwe.mitre.org/data/definitions/474.html
https://cwe.mitre.org/data/definitions/50.html
https://cwe.mitre.org/data/definitions/509.html
https://cwe.mitre.org/data/definitions/551.html
https://cwe.mitre.org/data/definitions/555.html
https://cwe.mitre.org/data/definitions/560.html
https://cwe.mitre.org/data/definitions/561.html
https://cwe.mitre.org/data/definitions/600.html
https://cwe.mitre.org/data/definitions/644.html
https://cwe.mitre.org/data/definitions/645.html
https://cwe.mitre.org/data/definitions/652.html
https://cwe.mitre.org/data/definitions/653.html

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-27975
CWE	https://cwe.mitre.org/data/definitions/522.html

Insufficiently Protected Credentials

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References