CVE-2023-27980

🗓️ 21 Mar 2023 00:00:00Reported by schneiderType

A CWE-306 vulnerability in IGSS Data Server TCP interface allows creation of malicious report file leading to remote code execution

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of the SCADA system’s data server, IGSS Data Server, allows a intruder to execute arbitrary code.	17 Mar 202300:00	–	bdu_fstec
CNNVD	Schneider Electric IGSS Data Server 访问控制错误漏洞	21 Mar 202300:00	–	cnnvd
CNVD	Schneider Electric IGSS Data Server Access Control Error Vulnerability (CNVD-2023-29375)	20 Mar 202300:00	–	cnvd
CVE	CVE-2023-27980	21 Mar 202300:00	–	cve
EUVD	EUVD-2023-31706	3 Oct 202520:07	–	euvd
ICS	Schneider Electric IGSS	3 Apr 202319:38	–	ics
NVD	CVE-2023-27980	21 Mar 202306:15	–	nvd
Prion	Authentication flaw	21 Mar 202306:15	–	prion
Positive Technologies	PT-2023-1688 · Unknown · Igss Dashboard +2	14 Mar 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-27980	23 May 202502:27	–	redhatcve

[
  {
    "vendor": "Schneider Electric",
    "product": "IGSS Data Server(IGSSdataServer.exe)",
    "versions": [
      {
        "version": "V",
        "status": "affected",
        "lessThanOrEqual": "16.0.0.23040",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Schneider Electric",
    "product": "IGSS Dashboard (DashBoard.exe)",
    "versions": [
      {
        "version": "V",
        "status": "affected",
        "lessThanOrEqual": "16.0.0.23040",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Schneider Electric",
    "product": "Custom Reports (RMS16.dll)",
    "versions": [
      {
        "version": "V",
        "status": "affected",
        "lessThanOrEqual": "16.0.0.23040",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
download	www.download.schneider-electric.com/files

21 Mar 2023 00:00Current

9.2High risk

Vulners AI Score9.2

CVSS 3.18.8

EPSS0.00881

CWE-306