CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:schneider-electric:custom_reports:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:igss_dashboard:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:igss_data_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-03-21 06:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-27980

Mitre link : CVE-2023-27980

CVE.ORG link : CVE-2023-27980


JSON object : View

Products Affected

schneider-electric

  • custom_reports
  • igss_dashboard
  • igss_data_server
CWE
CWE-306

Missing Authentication for Critical Function