Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Published

2023-03-21T14:15:11.337

Last Modified

2024-11-21T07:53:52.187

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	schneider-electric	custom_reports	≤ 16.0.0.23040	Yes
Application	schneider-electric	igss_dashboard	≤ 16.0.0.23040	Yes
Application	schneider-electric	igss_data_server	≤ 16.0.0.23040	Yes

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf Patch, Vendor Advisory ([email protected])
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)