CVE-2023-27984

EPSS 0.33%
Published 21.03.2023 11:15:10
Last modified 21.11.2024 07:53:52
Source cybersecurity@se.com
Teams watchlist Login
Open Login

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Custom Reports Version <= 16.0.0.23040

Schneider-electric ≫ Igss Dashboard Version <= 16.0.0.23040

Schneider-electric ≫ Igss Data Server Version <= 16.0.0.23040

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.548

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cybersecurity@se.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-27984

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27984

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27984

EUVD