Lucene search
K

108 matches found

NVD
NVD
added 2023/03/21 6:15 a.m.26 views

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...

8.8CVSS9AI score0.00881EPSS
Exploits0References1
OSV
OSV
added 2023/03/21 6:15 a.m.3 views

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...

8.8CVSS7.8AI score
Exploits0References1
Cvelist
Cvelist
added 2023/03/21 12:0 a.m.20 views

CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...

7.8CVSS9.1AI score0.00609EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/21 12:0 a.m.8 views

CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...

7.8CVSS8.9AI score0.00609EPSS
Exploits0References1
CVE
CVE
added 2023/03/21 12:0 a.m.55 views

CVE-2023-27981

CVE-2023-27981 targets Schneider Electric IGSS components: IGSS Data Server (IGSSdataServer.exe) v16.0.0.23040 and prior, IGSS Dashboard (DashBoard.exe) v16.0.0.23040 and prior, and Custom Reports (RMS16.dll) v16.0.0.23040 and prior. It is a CWE-22 path traversal vulnerability in the Custom Repor...

8.8CVSS8.9AI score0.00725EPSS
Exploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2023/03/21 12:0 a.m.7 views

CVE-2023-27982

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code...

8.8CVSS8.8AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/21 12:0 a.m.28 views

CVE-2023-27981

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and prior, IGSS...

7.8CVSS9.1AI score0.00725EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/21 12:0 a.m.13 views

CVE-2023-27978

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data...

7.8CVSS7.8AI score0.06482EPSS
Exploits0References1
CVE
CVE
added 2023/03/21 12:0 a.m.53 views

CVE-2023-27980

CVE-2023-27980 : A CWE-306 vulnerability exists in Schneider Electric IGSS components (Data Server, Dashboard, Custom Reports) with versions 16.0.0.23040 and prior. The issue is a missing authentication for a critical function in the Data Server TCP interface, enabling creation of a malicious rep...

8.8CVSS8.9AI score0.00881EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2023/03/21 12:0 a.m.28 views

CVE-2023-27977

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...

6.5CVSS6.6AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/21 12:0 a.m.32 views

CVE-2023-27978

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data...

7.8CVSS8AI score0.06482EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/21 12:0 a.m.8 views

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...

8.8CVSS8.9AI score0.00881EPSS
Exploits0References1
CVE
CVE
added 2023/03/21 12:0 a.m.47 views

CVE-2023-27984

CVE-2023-27984 affects Schneider Electric IGSS components (IGSS Data Server, IGSS Dashboard, Custom Reports RMS16.dll) version 16.0.0.23040 and earlier, due to CWE-20 Improper Input Validation in Custom Reports that could allow a macro to be executed and remote code execution when a malicious rep...

8.8CVSS8.9AI score0.00609EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2023/03/21 12:0 a.m.66 views

CVE-2023-27979

CVE-2023-27979 is a CWE-345 vulnerability affecting Schneider Electric IGSS components: IGSS Data Server (IGSSdataServer.exe), IGSS Dashboard (DashBoard.exe), and Custom Reports (RMS16.dll) with versions up to 16.0.0.23040. The issue arises from insufficient verification of data authenticity in t...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2023/03/21 12:0 a.m.60 views

CVE-2023-27983

CVE-2023-27983 is a Missing Authentication for Critical Function (CWE-306) vulnerability in Schneider Electric IGSS components. The issue resides in the Data Server TCP interface and could allow deletion of reports from the IGSS project report directory, leading to data loss. Affected products/ve...

6.5CVSS5.2AI score0.00437EPSS
Exploits0References1Affected Software3
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.6 views

PT-2023-1688 · Unknown · Igss Dashboard +2

Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions 16.0.0.23040 and prior IGSS Dashboard versions 16.0.0.23040 and prior Custom Reports versions 16.0.0.23040 and prior Description: A Missing Authentication for Critical Function issue exists in the Data Server TCP...

10CVSS8.8AI score0.00881EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.3 views

PT-2023-1855 · Unknown · Igss Dashboard +2

Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions 16.0.0.23040 and prior IGSS Dashboard versions 16.0.0.23040 and prior Custom Reports versions 16.0.0.23040 and prior Description: A vulnerability exists in Custom Reports due to improper limitation of a pathname to a...

8.8CVSS8.9AI score0.00725EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.3 views

PT-2023-1871 · Unknown · Igss Dashboard +2

Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions 16.0.0.23040 and prior IGSS Dashboard versions 16.0.0.23040 and prior Custom Reports versions 16.0.0.23040 and prior Description: The issue exists due to insufficient input validation in the Custom Reports component ...

8.8CVSS8.9AI score0.00609EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.5 views

PT-2023-1873 · Unknown · Igss Dashboard +2

Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions 16.0.0.23040 and prior IGSS Dashboard versions 16.0.0.23040 and prior Custom Reports versions 16.0.0.23040 and prior Description: A Deserialization of Untrusted Data issue exists in the Dashboard module, potentially...

7.8CVSS7.9AI score0.06482EPSS
Exploits0References6
Huntr
Huntr
added 2021/12/22 5:27 a.m.21 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Stored cross site scripting vulnerability in report class field on custom report feature. Proof of Concept 1 . Login to dev account https://10.x-dev.pimcore.fun/admin/ 2 . Go to marketing -- custom reports -- Report class :field in left navigation menu 3 . Add payload " in report clas...

3.5CVSS5.1AI score0.00642EPSS
Exploits1
Rows per page
Query Builder