← back
CVE-2023-27981

CVE-2023-27981

CVSS 7.8 HIGHEPSS 0.7%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.7%KEV nãoPoC Patch
Lifecycle
Mar 21, 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Schneider Electric · Custom Reports (RMS16.dll)Schneider Electric · IGSS Dashboard (DashBoard.exe)Schneider Electric · IGSS Data Server(IGSSdataServer.exe)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf