nvd-json-data-feeds/CVE-2025/CVE-2025-19xx/CVE-2025-1960.json

{
  "id": "CVE-2025-1960",
  "sourceIdentifier": "cybersecurity@se.com",
  "published": "2025-03-12T16:15:20.797",
  "lastModified": "2025-03-13T19:15:50.627",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an\nattacker to execute unauthorized commands when a system\u2019s default password credentials have not been\nchanged on first use. The default username is not displayed correctly in the WebHMI interface."
    },
    {
      "lang": "es",
      "value": "CWE-1188: Existe una vulnerabilidad de inicializaci\u00f3n de un recurso con un valor predeterminado inseguro que podr\u00eda provocar que un atacante ejecute comandos no autorizados cuando las credenciales de contrase\u00f1a predeterminadas de un sistema no se hayan cambiado en el primer uso. El nombre de usuario predeterminado no se muestra correctamente en la interfaz WebHMI."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cybersecurity@se.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cybersecurity@se.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-03.pdf",
      "source": "cybersecurity@se.com"
    }
  ]
}