151 matches found
EUVD-2023-31710
Malicious code in bioql PyPI...
EUVD-2023-31703
Malicious code in bioql PyPI...
EUVD-2023-31707
Malicious code in bioql PyPI...
EUVD-2022-35593
Malicious code in bioql PyPI...
EUVD-2022-35598
Malicious code in bioql PyPI...
EUVD-2022-35595
Malicious code in bioql PyPI...
EUVD-2022-35599
Malicious code in bioql PyPI...
EUVD-2022-34598
Malicious code in bioql PyPI...
EUVD-2023-31706
Malicious code in bioql PyPI...
EUVD-2022-35600
Malicious code in bioql PyPI...
EUVD-2022-29222
Malicious code in bioql PyPI...
EUVD-2022-35597
Malicious code in bioql PyPI...
EUVD-2022-35596
Malicious code in bioql PyPI...
CVE-2023-27984
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...
CVE-2023-27981
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and prior, IGSS...
CVE-2023-27977
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...
CVE-2023-27982
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code...
CVE-2023-27980
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...
The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports can also be exploited, allowing an attacker to cause a service failure.
The vulnerability of the IGSSdataServer.exe executable of the SCADA system’s data server, the DashBoard.exe executable of the IGSS Dashboard, and the RMS16.dll library of the report module Custom Reports is related to insufficient verification of data authenticity. Exploiting this vulnerability c...
Schneider Electric IGSS Data Server Access Control Error Vulnerability
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An access control error vulnerability exists in Schneider Electric IGSS Data Server, which stems from a lack of authentication of key functional identities and could be...