CVE-2023-27977
First published: Tue Mar 21 2023(Updated: )
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Custom Reports | <=16.0.0.23040 | |
| Schneider-electric Igss Dashboard | <=16.0.0.23040 | |
| Schneider-electric Igss Data Server | <=16.0.0.23040 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-27977.
What is the severity of CVE-2023-27977?
The severity of CVE-2023-27977 is medium (5.3).
What is the affected software for this vulnerability?
The affected software for this vulnerability includes Schneider-electric Custom Reports, Igss Dashboard, and Igss Data Server.
How can an attacker exploit CVE-2023-27977?
An attacker can exploit CVE-2023-27977 by sending specific crafted messages to the Data Server TCP port.
How can I fix CVE-2023-27977?
To fix CVE-2023-27977, it is recommended to apply the necessary security patch provided by Schneider Electric.
- collector/nvd-index
- vendor/schneider-electric
- canonical/schneider-electric custom reports
- version/schneider-electric custom reports/16.0.0.23040
- canonical/schneider-electric igss dashboard
- version/schneider-electric igss dashboard/16.0.0.23040
- canonical/schneider-electric igss data server
- version/schneider-electric igss data server/16.0.0.23040