CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:schneider-electric:custom_reports:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:igss_dashboard:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:igss_data_server:*:*:*:*:*:*:*:*

History

24 Mar 2023, 19:15

Type Values Removed Values Added
CPE cpe:2.3:a:schneider-electric:custom_reports:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:igss_data_server:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:igss_dashboard:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (CONFIRM) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf - (CONFIRM) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf - Patch, Vendor Advisory

21 Mar 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-21 06:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-27980

Mitre link : CVE-2023-27980

CVE.ORG link : CVE-2023-27980


JSON object : View

Products Affected

schneider-electric

  • igss_data_server
  • igss_dashboard
  • custom_reports
CWE
CWE-306

Missing Authentication for Critical Function