Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-27981
HistoryMar 21, 2023 - 10:15 a.m.

CVE-2023-27981

2023-03-2110:15:17
CWE-22
[email protected]
web.nvd.nist.gov
18
cve-2023-27981
cwe-22
improper limitation
pathname
restricted directory
vulnerability
custom reports
remote code execution
igss data server
igss dashboard
nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.4%

JSON

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Affected configurations

NVD
Node
schneider-electriccustom_reportsRange16.0.0.23040
OR
schneider-electricigss_dashboardRange16.0.0.23040
OR
schneider-electricigss_data_serverRange16.0.0.23040

CNA Affected

[
  {
    "vendor": "Schneider Electric",
    "product": "IGSS Data Server(IGSSdataServer.exe)",
    "versions": [
      {
        "version": "V",
        "status": "affected",
        "lessThanOrEqual": "16.0.0.23040",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Schneider Electric",
    "product": "IGSS Dashboard (DashBoard.exe)",
    "versions": [
      {
        "version": "V",
        "status": "affected",
        "lessThanOrEqual": "16.0.0.23040",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Schneider Electric",
    "product": "Custom Reports (RMS16.dll)",
    "versions": [
      {
        "version": "V",
        "status": "affected",
        "lessThanOrEqual": "16.0.0.23040",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
cvelist 1
zdi 1
cnvd 1
nvd 1
ics 1
prion
prion
Design/Logic Flaw
2023-03-21 10:15:00
cvelist
cvelist
CVE-2023-27981
2023-03-21 00:00:00
zdi
zdi
Schneider Electric IGSS getRMSreportFile Directory Traversal Remote Code Execution Vulnerability
2023-03-16 00:00:00
cnvd
cnvd
Schneider Electric IGSS Data Server Path Traversal Vulnerability
2023-03-20 00:00:00
nvd
nvd
CVE-2023-27981
2023-03-21 10:15:17
ics
ics
Schneider Electric IGSS
2023-03-23 12:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.4%

JSON
Related for CVE-2023-27981
prion1cvelist1zdi1cnvd1nvd1ics1