The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports allows a hacker to delete arbitrary data.

🗓️ 23 Mar 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in data server, dashboard, and report module allows remote deletion due to lack of authentication.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-27983	21 Mar 202317:34	–	circl
CNNVD	Schneider Electric IGSS Data Server 访问控制错误漏洞	21 Mar 202300:00	–	cnnvd
CNVD	Schneider Electric IGSS Data Server Access Control Error Vulnerability	23 Mar 202300:00	–	cnvd
CVE	CVE-2023-27983	21 Mar 202300:00	–	cve
Cvelist	CVE-2023-27983	21 Mar 202300:00	–	cvelist
EUVD	EUVD-2023-31709	3 Oct 202520:07	–	euvd
ICS	Schneider Electric IGSS	3 Apr 202319:38	–	ics
NVD	CVE-2023-27983	21 Mar 202314:15	–	nvd
OSV	CVE-2023-27983	21 Mar 202314:15	–	osv
Prion	Authentication flaw	21 Mar 202314:15	–	prion

Vulners

Node

schneider_electric igss_data_serverRange≤16.0.0.23040

OR

schneider_electric igss_dashboardRange≤16.0.0.23040

OR

schneider_electric custom_reportsRange≤16.0.0.23040

Source	Link
download	www.download.schneider-electric.com/files
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2023032025
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-340/
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-340/

23 Mar 2023 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 26.4

CVSS 36.5

EPSS0.00193

data server dashboard executable custom reports library remote data deletion lack of authentication