Igss Dashboard Security Vulnerabilities and Issues — Igss Dashboard CVE List

Lucene search

Schneider-electricIgss Dashboard

9 matches found

CVE•added 2023/03/21 1:15 p.m.•50 views

CVE-2023-27979

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected ...

6.5CVSS6.4AI score0.00074EPSS

CVE•added 2023/03/21 9:15 a.m.•46 views

CVE-2023-27978

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataS...

7.8CVSS7.8AI score0.19886EPSS

CVE•added 2023/03/21 2:15 p.m.•45 views

CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(...

6.5CVSS5.2AI score0.00067EPSS

CVE•added 2023/03/21 7:15 a.m.•44 views

CVE-2023-27982

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execu...

8.8CVSS8.8AI score0.01289EPSS

CVE•added 2023/06/14 8:15 a.m.•44 views

CVE-2023-3001

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module thatcould cause an interpretation of malicious payload data, potentially leading to remote codeexecution when an attacker gets the user to open a malicious file.

7.8CVSS7.4AI score0.04562EPSS

CVE•added 2023/03/21 12:15 p.m.•43 views

CVE-2023-27977

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Prod...

6.5CVSS5.5AI score0.0006EPSS

CVE•added 2023/03/21 10:15 a.m.•39 views

CVE-2023-27981

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(Dash...

8.8CVSS8.9AI score0.01841EPSS

CVE•added 2023/03/21 6:15 a.m.•38 views

CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected P...

8.8CVSS8.9AI score0.02124EPSS

CVE•added 2023/03/21 11:15 a.m.•33 views

CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 an...

8.8CVSS8.9AI score0.00329EPSS