Unrated severityNVD Advisory· Published Jan 21, 2013· Updated Apr 29, 2026

CVE-2013-0655

Description

The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.

Affected products

Schneider Electric/Software Update Utility4 versions
cpe:2.3:a:schneider-electric:software_update_utility:1.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:schneider-electric:software_update_utility:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:software_update_utility:1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:software_update_utility:1.1:*:*:*:*:*:*:*
- (no CPE)range: >=1.0.0, <=1.1.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.pagenvdVendor Advisory
www.us-cert.gov/control_systems/pdf/ICSA-13-016-01.pdfnvdUS Government Resource
www.schneider-electric.com/download/ww/en/details/29960967-SE-Software-Update-Utility-Vulnerability-Disclosure/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000