Logo
vuln-group

CVE-2023-4516

Severity: high (7.8)

First published: Thu Sep 14 2023

Last modified: Wed Sep 20 2023

CWE: 306

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content.

Any of

  • Schneider-electric Interactive Graphical Scada System
    <=16.0.0.23211

FAQ

  • What is CVE-2023-4516?

    CVE-2023-4516 is a CWE-306: Missing Authentication for Critical Function vulnerability in the IGSS Update Service.

  • What is the severity of CVE-2023-4516?

    The severity of CVE-2023-4516 is high with a CVSS score of 7.8.

  • How does CVE-2023-4516 affect Schneider-electric Interactive Graphical Scada System?

    CVE-2023-4516 affects Schneider-electric Interactive Graphical Scada System version 16.0.0.23211 and earlier.

  • What is the impact of CVE-2023-4516?

    The impact of CVE-2023-4516 is that a local attacker could change the update source and potentially execute remote code by forcing an update with malicious content.

  • How can I fix CVE-2023-4516?

    To fix CVE-2023-4516, apply the security update provided by Schneider Electric as mentioned in the security advisory.

Reference Links

SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia

Navigation

© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203