724 matches found
CVE-2023-27978
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data...
Schneider Electric IGSS Data Server 数据伪造问题漏洞
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which can be exploited by an attacker to cause a denial of service by sending a specific craft...
Schneider Electric IGSS Data Server 访问控制错误漏洞
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An access control error vulnerability exists in Schneider Electric IGSS Data Server, which stems from a lack of authentication of key functional identities and could be...
Schneider Electric IGSS Data Server 路径遍历漏洞
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. A path traversal vulnerability exists in Schneider Electric IGSS Data Server, which can be exploited by attackers to cause remote code execution...
Schneider Electric IGSS Data Server 输入验证错误漏洞
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to an input validation error, which could be exploited by an attacker to cause remote code execution...
Schneider Electric IGSS Data Server 访问控制错误漏洞
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An access control error vulnerability exists in Schneider Electric IGSS Data Server, which could be exploited by an attacker to create malicious report files in the IGSS...
CVE-2023-27982
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code...
CVE-2023-27978
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data...
CVE-2023-27981
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and prior, IGSS...
CVE-2023-27983
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...
CVE-2023-27984
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...
CVE-2023-27977
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...
CVE-2023-27982
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code...
CVE-2023-27977
The CVE-2023-27977 entry describes an Insufficient Verification of Data Authenticity (CWE-345) weakness in Schneider Electric IGSS Data Server. Affected modules are IGSS Data Server (IGSSdataServer.exe), IGSS Dashboard (DashBoard.exe), and Custom Reports (RMS16.dll) all at version 16.0.0.23040 an...
CVE-2023-27984
CVE-2023-27984 affects Schneider Electric IGSS components (IGSS Data Server, IGSS Dashboard, Custom Reports RMS16.dll) version 16.0.0.23040 and earlier, due to CWE-20 Improper Input Validation in Custom Reports that could allow a macro to be executed and remote code execution when a malicious rep...
CVE-2023-27982
CVE-2023-27982 affects Schneider Electric IGSS components: IGSS Data Server (IGSSdataServer.exe) up to v16.0.0.23040, IGSS Dashboard (DashBoard.exe) up to v16.0.0.23040, and Custom Reports (RMS16.dll) up to v16.0.0.23040. Root cause: Insufficient Verification of Data Authenticity (CWE-345) in the...
CVE-2023-27980
CVE-2023-27980 : A CWE-306 vulnerability exists in Schneider Electric IGSS components (Data Server, Dashboard, Custom Reports) with versions 16.0.0.23040 and prior. The issue is a missing authentication for a critical function in the Data Server TCP interface, enabling creation of a malicious rep...
CVE-2023-27983
CVE-2023-27983 is a Missing Authentication for Critical Function (CWE-306) vulnerability in Schneider Electric IGSS components. The issue resides in the Data Server TCP interface and could allow deletion of reports from the IGSS project report directory, leading to data loss. Affected products/ve...
CVE-2023-27979
CVE-2023-27979 is a CWE-345 vulnerability affecting Schneider Electric IGSS components: IGSS Data Server (IGSSdataServer.exe), IGSS Dashboard (DashBoard.exe), and Custom Reports (RMS16.dll) with versions up to 16.0.0.23040. The issue arises from insufficient verification of data authenticity in t...
CVE-2023-27984
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...