CVE-2023-27977 in IGSS Data Server

Summary

by MITRE • 03/21/2023

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory; this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server (IGSSdataServer.exe) (V16.0.0.23040 and prior), IGSS Dashboard (DashBoard.exe) (V16.0.0.23040 and prior), Custom Reports (RMS16.dll) (V16.0.0.23040 and prior).

Analysis

by VulDB Data Team • 11/30/2025

The vulnerability described in CVE-2023-27977 represents a critical weakness in the IGSS (Integrated Graphics and Supervisory System) suite that falls under CWE-345: Insufficient Verification of Data Authenticity. This weakness manifests in the Data Server component of the IGSS ecosystem, specifically affecting versions 16.0.0.23040 and earlier across multiple modules including IGSS Data Server, IGSS Dashboard, and Custom Reports. The vulnerability stems from inadequate validation mechanisms that fail to properly authenticate incoming data streams, creating a pathway for malicious actors to exploit the system through crafted network messages.

The technical flaw operates through a TCP port exposure that allows unauthorized access to the IGSS project report directory. When an attacker crafts and sends specific malicious messages to the Data Server's TCP port, the system fails to verify the authenticity of the incoming data, thereby permitting deletion operations on files within the report directory. This authentication bypass occurs because the system does not implement robust cryptographic verification or message integrity checks that would normally validate the source and content of incoming communications. The practical effect is remote file deletion: the attacker can delete project reports and associated data files, which leads to loss of data.

The operational impact of this vulnerability extends beyond simple data loss, as it compromises the integrity and availability of critical industrial control system data. In industrial environments where IGSS systems are deployed for process control and monitoring, the deletion of project reports can result in significant operational disruptions, loss of historical data, and potential safety hazards. The vulnerability affects the core functionality of the system by undermining the trust model that should exist between legitimate users and the data server. Attackers can potentially cause cascading failures in industrial processes by removing essential configuration and reporting files that are fundamental to system operation.

Mitigation strategies for CVE-2023-27977 should focus on implementing robust data authenticity verification mechanisms across all affected components. Organizations should immediately update to versions of IGSS that address this vulnerability, as the affected products are specifically identified in the advisory. Network segmentation and access controls should be implemented to limit exposure of the TCP ports to only trusted sources, while firewall rules should be configured to restrict access to the Data Server ports from untrusted networks. The implementation of message authentication codes and cryptographic signatures for all communications would address the underlying CWE-345 weakness by ensuring that only properly authenticated messages are processed by the system. Additionally, regular security audits and penetration testing should be conducted to identify similar authentication gaps in industrial control systems, following ATT&CK framework techniques for identifying and mitigating data integrity threats in operational technology environments.
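The verify-before-act pattern described above, as an added example (not IGSS or vendor code): a delete-request handler that checks an HMAC tag, rejects stale or replayed messages, and confines the target to the report directory. The wire format, the pre-shared key, and the names `seal` and `ReportDeleteHandler` are assumptions made for illustration.

```python
import hashlib, hmac, os, struct, tempfile, time

# Hypothetical wire format (an assumption, NOT the IGSS protocol):
#   8-byte big-endian timestamp | 16-byte nonce | UTF-8 file name | 32-byte HMAC-SHA256
TAG_LEN, HDR_LEN, MAX_SKEW = 32, 24, 30

def seal(key, name, nonce, now=None):
    """Client side: build an authenticated delete request."""
    ts = int(time.time() if now is None else now)
    body = struct.pack(">Q", ts) + nonce + name.encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()

class ReportDeleteHandler:
    """Server side: verify authenticity first, then freshness, then the path."""
    def __init__(self, key, report_dir):
        self.key, self.root, self.seen = key, os.path.realpath(report_dir), set()

    def handle(self, msg, now=None):
        now = time.time() if now is None else now
        if len(msg) <= HDR_LEN + TAG_LEN:
            return "rejected: malformed"
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "rejected: bad tag"
        ts, nonce = struct.unpack(">Q", body[:8])[0], body[8:HDR_LEN]
        if abs(now - ts) > MAX_SKEW or nonce in self.seen:
            return "rejected: stale or replayed"
        self.seen.add(nonce)  # a real server would expire nonces older than MAX_SKEW
        name = body[HDR_LEN:].decode("utf-8", "replace")
        target = os.path.realpath(os.path.join(self.root, name))
        if os.path.commonpath([self.root, target]) != self.root:
            return "rejected: outside report directory"
        if not os.path.isfile(target):
            return "rejected: no such report"
        os.remove(target)
        return "deleted"

if __name__ == "__main__":
    key, d = os.urandom(32), tempfile.mkdtemp()  # constructed sample data
    open(os.path.join(d, "shift.rpt"), "w").close()
    srv, msg = ReportDeleteHandler(key, d), seal(key, "shift.rpt", os.urandom(16))
    print(srv.handle(msg[:-1] + bytes([msg[-1] ^ 1])))  # tampered tag
    print(srv.handle(msg))                              # authentic request
    print(srv.handle(msg))                              # replay of the same request
```

The order of checks matters: nothing in the message body is parsed or acted on until the tag has verified, so an unauthenticated sender cannot reach the file-handling code at all.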

Reservation: 03/09/2023

Disclosure: 03/21/2023

Moderation: accepted

CPE: ready

EPSS: 0.00141

KEV: no

Activities: very low
