← back
CVE-2023-27983

CVE-2023-27983

CVSS 6.5 MEDIUMEPSS 0.4%CWE-306
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Mar 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected products
Schneider Electric · Custom Reports (RMS16.dll)Schneider Electric · IGSS Dashboard (DashBoard.exe)Schneider Electric · IGSS Data Server(IGSSdataServer.exe)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf