Lucene search
+L

540 matches found

Prion
Prion
added 2023/09/14 9:15 a.m.14 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content...

4.3CVSS7.5AI score0.00173EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/09/14 8:54 a.m.64 views

CVE-2023-4516

Schneider Electric IGSS Update Service (v16.0.0.23211 and earlier) is affected by CVE-2023-4516: a CWE-306 missing authentication for a critical function vulnerability that lets a local attacker change the update source, potentially enabling remote code execution when a malicious update is applie...

7.8CVSS7.5AI score0.00173EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/14 8:54 a.m.25 views

CVE-2023-4516

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content...

7.8CVSS7.7AI score0.00173EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/08/14 12:0 a.m.22 views

Schneider Electric IGSS UpdateService Exposed Dangerous Method Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processi...

7.8CVSS6.9AI score0.31861EPSS
Exploits0References1
ICS
ICS
added 2023/08/08 6:0 a.m.18 views

Schneider Electric IGSS

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: low attack complexity ​Vendor: Schneider Electric ​Equipment: IGSS Interactive Graphical SCADA System ​Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow arbitrary code...

7.8CVSS8.2AI score0.31861EPSS
Exploits0References10
Zero Day Initiative
Zero Day Initiative
added 2023/06/16 12:0 a.m.25 views

Schneider Electric IGSS DashFiles Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.9AI score0.31861EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.5 views

Schneider Electric IGSS 代码问题漏洞

Schneider Electric IGSS is a multi-player collaborative application from Schneider Electric, France. A code issue vulnerability exists in Schneider Electric IGSS Dashboard DashBoard.exe v16.0.0.23130 and prior versions, which stems from untrustworthy data deserialization in the Dashboard module,...

7.8CVSS7.8AI score0.31861EPSS
Exploits0References1
ICS
ICS
added 2023/04/03 7:38 p.m.52 views

Schneider Electric IGSS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: IGSS Interactive Graphical SCADA System Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, Deserialization of...

8.8CVSS8.1AI score0.06482EPSS
Exploits0References4
CNVD
CNVD
added 2023/03/23 12:0 a.m.27 views

Schneider Electric IGSS Data Server Access Control Error Vulnerability

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An access control error vulnerability exists in Schneider Electric IGSS Data Server, which stems from a lack of authentication of key functional identities and could be...

5.7AI score0.00437EPSS
Exploits0Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.6 views

The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports can also be exploited, allowing an attacker to cause a service failure.

The vulnerability of the IGSSdataServer.exe executable of the SCADA system’s data server, the DashBoard.exe executable of the IGSS Dashboard, and the RMS16.dll library of the report module Custom Reports is related to insufficient verification of data authenticity. Exploiting this vulnerability c...

6.5CVSS6.7AI score0.00242EPSS
Exploits0References5Affected Software3
NVD
NVD
added 2023/03/21 2:15 p.m.20 views

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

6.5CVSS6.8AI score0.00437EPSS
Exploits0References1
OSV
OSV
added 2023/03/21 2:15 p.m.4 views

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

5.3CVSS6.1AI score0.00437EPSS
Exploits0References1
Prion
Prion
added 2023/03/21 2:15 p.m.16 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...

5CVSS5.6AI score0.00437EPSS
Exploits0References1Affected Software3
NVD
NVD
added 2023/03/21 1:15 p.m.26 views

CVE-2023-27979

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affecte...

6.5CVSS6.6AI score0.00242EPSS
Exploits0References1
Prion
Prion
added 2023/03/21 1:15 p.m.17 views

Design/Logic Flaw

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affecte...

6.4CVSS6.5AI score0.00242EPSS
Exploits0References1Affected Software3
NVD
NVD
added 2023/03/21 12:15 p.m.24 views

CVE-2023-27977

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...

6.5CVSS6.7AI score0.00243EPSS
Exploits0References1
OSV
OSV
added 2023/03/21 12:15 p.m.8 views

CVE-2023-27977

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...

5.3CVSS6.5AI score0.00243EPSS
Exploits0References1
Prion
Prion
added 2023/03/21 12:15 p.m.16 views

Design/Logic Flaw

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...

5CVSS5.5AI score0.00243EPSS
Exploits0References1Affected Software3
NVD
NVD
added 2023/03/21 11:15 a.m.20 views

CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...

8.8CVSS8.5AI score0.00609EPSS
Exploits0References1
OSV
OSV
added 2023/03/21 11:15 a.m.4 views

CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data ServerIGSSdataServer.exeV16.0.0.23040 and...

8.8CVSS7.8AI score0.00609EPSS
Exploits0References1
Rows per page
Query Builder