CVE-2023-27982

2023-03-2107:15:08

CWE-345

schneider

web.nvd.nist.gov

cve-2023-27982

cwe-345

igss data server

remote code execution

data authenticity

security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.004

Percentile

74.4%

JSON

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execution when a victim eventually opens a malicious dashboard file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Affected configurations

Nvd

Node

schneider-electriccustom_reportsRange≤16.0.0.23040

schneider-electricigss_dashboardRange≤16.0.0.23040

schneider-electricigss_data_serverRange≤16.0.0.23040

VendorProductVersionCPE
schneider-electriccustom_reports*cpe:2.3:a:schneider-electric:custom_reports:*:*:*:*:*:*:*:*
schneider-electricigss_dashboard*cpe:2.3:a:schneider-electric:igss_dashboard:*:*:*:*:*:*:*:*
schneider-electricigss_data_server*cpe:2.3:a:schneider-electric:igss_data_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	custom_reports	*	cpe:2.3:a:schneider-electric:custom_reports::::::::
schneider-electric	igss_dashboard	*	cpe:2.3:a:schneider-electric:igss_dashboard::::::::
schneider-electric	igss_data_server	*	cpe:2.3:a:schneider-electric:igss_data_server::::::::

CNA Affected

[
  {
    "vendor": "Schneider Electric",
    "product": "IGSS Data Server(IGSSdataServer.exe)",
    "versions": [
      {
        "version": "V",
        "status": "affected",
        "lessThanOrEqual": "16.0.0.23040",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Schneider Electric",
    "product": "IGSS Dashboard (DashBoard.exe)",
    "versions": [
      {
        "version": "V",
        "status": "affected",
        "lessThanOrEqual": "16.0.0.23040",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Schneider Electric",
    "product": "Custom Reports (RMS16.dll)",
    "versions": [
      {
        "version": "V",
        "status": "affected",
        "lessThanOrEqual": "16.0.0.23040",
        "versionType": "custom"
      }
    ]
  }
]