All the vulnerabilites related to Schneider Electric - IGSS Data Server(IGSSdataServer.exe)
cve-2023-27980
Vulnerability from cvelistv5
Published
2023-03-21 00:00
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "IGSS Data Server(IGSSdataServer.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "IGSS Dashboard (DashBoard.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "Custom Reports (RMS16.dll)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-21T00:00:00", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-27980", "datePublished": "2023-03-21T00:00:00", "dateReserved": "2023-03-09T00:00:00", "dateUpdated": "2024-08-02T12:23:30.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27979
Vulnerability from cvelistv5
Published
2023-03-21 00:00
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "IGSS Data Server(IGSSdataServer.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "IGSS Dashboard (DashBoard.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "Custom Reports (RMS16.dll)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-21T00:00:00", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-27979", "datePublished": "2023-03-21T00:00:00", "dateReserved": "2023-03-09T00:00:00", "dateUpdated": "2024-08-02T12:23:30.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27977
Vulnerability from cvelistv5
Published
2023-03-21 00:00
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "IGSS Data Server(IGSSdataServer.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "IGSS Dashboard (DashBoard.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "Custom Reports (RMS16.dll)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-21T00:00:00", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-27977", "datePublished": "2023-03-21T00:00:00", "dateReserved": "2023-03-09T00:00:00", "dateUpdated": "2024-08-02T12:23:30.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27981
Vulnerability from cvelistv5
Published
2023-03-21 00:00
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "IGSS Data Server(IGSSdataServer.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "IGSS Dashboard (DashBoard.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "Custom Reports (RMS16.dll)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-21T00:00:00", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-27981", "datePublished": "2023-03-21T00:00:00", "dateReserved": "2023-03-09T00:00:00", "dateUpdated": "2024-08-02T12:23:30.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27982
Vulnerability from cvelistv5
Published
2023-03-21 00:00
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execution when a victim eventually opens a malicious dashboard file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "IGSS Data Server(IGSSdataServer.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "IGSS Dashboard (DashBoard.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "Custom Reports (RMS16.dll)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execution when a victim eventually opens a malicious dashboard file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-21T00:00:00", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-27982", "datePublished": "2023-03-21T00:00:00", "dateReserved": "2023-03-09T00:00:00", "dateUpdated": "2024-08-02T12:23:30.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27984
Vulnerability from cvelistv5
Published
2023-03-21 00:00
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "IGSS Data Server(IGSSdataServer.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "IGSS Dashboard (DashBoard.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "Custom Reports (RMS16.dll)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-21T00:00:00", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-27984", "datePublished": "2023-03-21T00:00:00", "dateReserved": "2023-03-09T00:00:00", "dateUpdated": "2024-08-02T12:23:30.848Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27983
Vulnerability from cvelistv5
Published
2023-03-21 00:00
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "IGSS Data Server(IGSSdataServer.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "IGSS Dashboard (DashBoard.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "Custom Reports (RMS16.dll)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-21T00:00:00", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-27983", "datePublished": "2023-03-21T00:00:00", "dateReserved": "2023-03-09T00:00:00", "dateUpdated": "2024-08-02T12:23:30.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27978
Vulnerability from cvelistv5
Published
2023-03-21 00:00
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.806Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "IGSS Data Server(IGSSdataServer.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "IGSS Dashboard (DashBoard.exe)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] }, { "product": "Custom Reports (RMS16.dll)", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "16.0.0.23040", "status": "affected", "version": "V", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-21T00:00:00", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-04.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-27978", "datePublished": "2023-03-21T00:00:00", "dateReserved": "2023-03-09T00:00:00", "dateUpdated": "2024-08-02T12:23:30.806Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }