var-202303-1353
Vulnerability from variot
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). Authentication is not required to exploit this vulnerability.The specific flaw exists within the IGSSdataServer process, which listens on TCP port 12401 by default. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to delete application-specific data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202303-1353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "igss data server",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "16.0.0.23040"
},
{
"model": "igss dashboard",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "16.0.0.23040"
},
{
"model": "custom reports",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "16.0.0.23040"
},
{
"model": "igss dashboard",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "custom reports",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "igss data server",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "igss",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric igss data server",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=v16.0.0.23040"
},
{
"model": "electric igss dashboard",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=v16.0.0.23040"
},
{
"model": "electric custom reports",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=v16.0.0.23040"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-340"
},
{
"db": "CNVD",
"id": "CNVD-2023-29369"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005877"
},
{
"db": "NVD",
"id": "CVE-2023-27983"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:custom_reports:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.0.23040",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:igss_dashboard:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.0.23040",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:igss_data_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.0.0.23040",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27983"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-340"
}
],
"trust": 0.7
},
"cve": "CVE-2023-27983",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-29369",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cybersecurity@se.com",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-27983",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2023-27983",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-27983",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2023-27983",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2023-27983",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2023-29369",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202303-1624",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-340"
},
{
"db": "CNVD",
"id": "CNVD-2023-29369"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005877"
},
{
"db": "NVD",
"id": "CVE-2023-27983"
},
{
"db": "NVD",
"id": "CVE-2023-27983"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1624"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). Authentication is not required to exploit this vulnerability.The specific flaw exists within the IGSSdataServer process, which listens on TCP port 12401 by default. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to delete application-specific data",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27983"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005877"
},
{
"db": "ZDI",
"id": "ZDI-23-340"
},
{
"db": "CNVD",
"id": "CNVD-2023-29369"
},
{
"db": "VULMON",
"id": "CVE-2023-27983"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27983",
"trust": 4.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2023-073-04",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-23-082-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94559502",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005877",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-19531",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-23-340",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2023-29369",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1792",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1624",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-27983",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-340"
},
{
"db": "CNVD",
"id": "CNVD-2023-29369"
},
{
"db": "VULMON",
"id": "CVE-2023-27983"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005877"
},
{
"db": "NVD",
"id": "CVE-2023-27983"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1624"
}
]
},
"id": "VAR-202303-1353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-29369"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-29369"
}
]
},
"last_update_date": "2023-12-18T11:54:51.665000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-073-04\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-073-04.pdf"
},
{
"title": "Patch for Schneider Electric IGSS Data Server Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/419116"
},
{
"title": "Schneider Electric IGSS Data Server Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=230898"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-340"
},
{
"db": "CNVD",
"id": "CNVD-2023-29369"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1624"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-005877"
},
{
"db": "NVD",
"id": "CVE-2023-27983"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-073-04\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2023-073-04.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94559502/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27983"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-04"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-27983/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1792"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-340"
},
{
"db": "CNVD",
"id": "CNVD-2023-29369"
},
{
"db": "VULMON",
"id": "CVE-2023-27983"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005877"
},
{
"db": "NVD",
"id": "CVE-2023-27983"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1624"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-340"
},
{
"db": "CNVD",
"id": "CNVD-2023-29369"
},
{
"db": "VULMON",
"id": "CVE-2023-27983"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005877"
},
{
"db": "NVD",
"id": "CVE-2023-27983"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1624"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-16T00:00:00",
"db": "ZDI",
"id": "ZDI-23-340"
},
{
"date": "2023-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-29369"
},
{
"date": "2023-03-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27983"
},
{
"date": "2023-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-005877"
},
{
"date": "2023-03-21T14:15:11.337000",
"db": "NVD",
"id": "CVE-2023-27983"
},
{
"date": "2023-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-1624"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-16T00:00:00",
"db": "ZDI",
"id": "ZDI-23-340"
},
{
"date": "2023-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-29369"
},
{
"date": "2023-03-21T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27983"
},
{
"date": "2023-11-10T05:14:00",
"db": "JVNDB",
"id": "JVNDB-2023-005877"
},
{
"date": "2023-03-28T15:10:35.483000",
"db": "NVD",
"id": "CVE-2023-27983"
},
{
"date": "2023-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-1624"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-1624"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric IGSS Data Server Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-29369"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1624"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-1624"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.