CVE-2023-27977 in IGSS Data Serverinformación

Resumen

por MITRE • 2023-03-21

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Schneider Electric SE

Reservar

2023-03-09

Divulgación

2023-03-21

Moderación

aceptado

Artículo

VDB-223475

CPE

listo

CWE

CWE-345 (confirmado)

CVSS

7.5 (NVD)

EPSS

0.00141

KEV

Actividades

muy bajo

Sector

Pharma, Agriculture, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-27977
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-27977
CVE Details	https://www.cvedetails.com/cve/CVE-2023-27977/

◂ Anterior Visión De Conjunto Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!