Lucene search

PRIOn knowledge basePRION:CVE-2023-27977

HistoryMar 21, 2023 - 12:15 p.m.

Design/Logic Flaw

2023-03-2112:15:00

PRIOn knowledge base

www.prio-n.com

cwe-345

insufficient verification

data authenticity

data server

igss project

file deletion

tcp port

igss data server

igss dashboard

custom reports

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.1%

JSON

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

CPENameOperatorVersion
custom_reportsle16.0.0.23040
igss_dashboardle16.0.0.23040
igss_data_serverle16.0.0.23040

Name	Operator	Version
custom_reports	le	16.0.0.23040
igss_dashboard	le	16.0.0.23040
igss_data_server	le	16.0.0.23040

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf