Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27977

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Published

2023-03-21T12:15:10.647

Last Modified

2024-11-21T07:53:51.470

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-345

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	schneider-electric	custom_reports	≤ 16.0.0.23040	Yes
Application	schneider-electric	igss_dashboard	≤ 16.0.0.23040	Yes
Application	schneider-electric	igss_data_server	≤ 16.0.0.23040	Yes

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf Patch, Vendor Advisory ([email protected])
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)