Lucene search

[email protected]NVD:CVE-2023-4516

HistorySep 14, 2023 - 9:15 a.m.

CVE-2023-4516

2023-09-1409:15:08

CWE-306

[email protected]

web.nvd.nist.gov

igss update service

cwe-306

missing authentication

critical function

remote code execution

update source

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

14.3%

JSON

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update
Service that could allow a local attacker to change update source, potentially leading to remote
code execution when the attacker force an update containing malicious content.

Affected configurations

NVD

Node

schneider-electricinteractive_graphical_scada_systemRange≤16.0.0.23211

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-255-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-255-01.pdf

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

14.3%

JSON

Related for NVD:CVE-2023-4516

cve1 ics1 cvelist1 prion1