The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports can also be exploited, allowing an attacker to cause a service failure.

🗓️ 23 Mar 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

Vulnerability in IGSSdataServer.exe, DashBoard.exe, and RMS16 library lets attackers cause service failure with crafted data due to insufficient data authenticity verification.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-27979	21 Mar 202315:34	–	circl
CNNVD	Schneider Electric IGSS Data Server 数据伪造问题漏洞	21 Mar 202300:00	–	cnnvd
CNVD	Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability	20 Mar 202300:00	–	cnvd
CVE	CVE-2023-27979	21 Mar 202300:00	–	cve
Cvelist	CVE-2023-27979	21 Mar 202300:00	–	cvelist
EUVD	EUVD-2023-31705	3 Oct 202520:07	–	euvd
ICS	Schneider Electric IGSS	3 Apr 202319:38	–	ics
NVD	CVE-2023-27979	21 Mar 202313:15	–	nvd
OSV	CVE-2023-27979	21 Mar 202313:15	–	osv
Prion	Design/Logic Flaw	21 Mar 202313:15	–	prion

Vulners

Node

schneider_electric igss_data_serverRange≤16.0.0.23040

schneider_electric igss_dashboardRange≤16.0.0.23040

schneider_electric custom_reportsRange≤16.0.0.23040

Source	Link
download	www.download.schneider-electric.com/files
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2023032025
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-336/
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-336/

23 Mar 2023 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 26.4

CVSS 36.5

EPSS0.00242