Schneider-electric

Custom Reports

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-27983

  • EPSS 0.07%
  • Veröffentlicht 21.03.2023 14:15:11
  • Zuletzt bearbeitet 21.11.2024 07:53:52

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this fu...

6.5

CVE-2023-27979

  • EPSS 0.07%
  • Veröffentlicht 21.03.2023 13:15:12
  • Zuletzt bearbeitet 21.11.2024 07:53:51

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafte...

5.3

CVE-2023-27977

  • EPSS 0.06%
  • Veröffentlicht 21.03.2023 12:15:10
  • Zuletzt bearbeitet 21.11.2024 07:53:51

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted me...

8.8

CVE-2023-27984

  • EPSS 0.33%
  • Veröffentlicht 21.03.2023 11:15:10
  • Zuletzt bearbeitet 21.11.2024 07:53:52

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS...

8.8

CVE-2023-27981

  • EPSS 1.84%
  • Veröffentlicht 21.03.2023 10:15:17
  • Zuletzt bearbeitet 21.11.2024 07:53:51

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.e...

7.8

CVE-2023-27978

  • EPSS 19.89%
  • Veröffentlicht 21.03.2023 09:15:11
  • Zuletzt bearbeitet 21.11.2024 07:53:51

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious fi...

8.8

CVE-2023-27982

  • EPSS 1.29%
  • Veröffentlicht 21.03.2023 07:15:08
  • Zuletzt bearbeitet 21.11.2024 07:53:52

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Serv...

8.8

CVE-2023-27980

  • EPSS 2.12%
  • Veröffentlicht 21.03.2023 06:15:13
  • Zuletzt bearbeitet 21.11.2024 07:53:51

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when...