Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-18 | CVE-2023-1548 | Improper Privilege Management vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1 A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. | 5.5 |
| 2023-04-18 | CVE-2023-27976 | Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1 A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. | 8.8 |
| 2023-03-21 | CVE-2023-27979 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. | 6.5 |
| 2023-03-21 | CVE-2023-27977 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. | 5.3 |
| 2023-03-21 | CVE-2023-27984 | Improper Input Validation vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. | 8.8 |
| 2023-03-21 | CVE-2023-27981 | Path Traversal vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. | 8.8 |
| 2023-03-21 | CVE-2023-27978 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. | 7.8 |
| 2023-03-21 | CVE-2023-27982 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execution when a victim eventually opens a malicious dashboard file. | 8.8 |
| 2023-03-21 | CVE-2023-27980 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. | 8.8 |
| 2023-02-24 | CVE-2023-0595 | Improper Encoding or Escaping of Output vulnerability in Schneider-Electric products A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). | 5.3 |