Schneider Electric IGSS Data Server/IGSS Dashboard/Custom Reports up to 16.0.0.23040 TCP Interface missing authentication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in Schneider Electric IGSS Data Server, IGSS Dashboard and Custom Reports up to 16.0.0.23040. This affects an unknown function of the component TCP Interface. Such manipulation leads to missing authentication. This vulnerability is traded as CVE-2023-27983. The attack may be launched remotely. There is no exploit available. It is advisable to implement a patch to correct this issue.
Details
A vulnerability was found in Schneider Electric IGSS Data Server, IGSS Dashboard and Custom Reports up to 16.0.0.23040 (SCADA Software) and classified as critical. Affected by this issue is some unknown functionality of the component TCP Interface. The manipulation with an unknown input leads to a missing authentication vulnerability. Using CWE to declare the problem leads to CWE-306. The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Impacted is integrity, and availability. CVE summarizes:
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
The weakness was shared 03/21/2023 as SEVD-2023-073-04. The advisory is shared for download at download.schneider-electric.com. This vulnerability is handled as CVE-2023-27983 since 03/09/2023. There are neither technical details nor an exploit publicly available.
Applying a patch is able to eliminate this problem.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-31709). Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.1VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.3
NVD Vector: 🔍
CNA Base Score: 6.5
CNA Vector (Schneider Electric SE): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Missing authenticationCWE: CWE-306 / CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Timeline
03/09/2023 🔍03/21/2023 🔍
03/21/2023 🔍
12/01/2025 🔍
Sources
Vendor: schneider-electric.comAdvisory: SEVD-2023-073-04
Status: Confirmed
CVE: CVE-2023-27983 (🔍)
GCVE (CVE): GCVE-0-2023-27983
GCVE (VulDB): GCVE-100-223484
EUVD: 🔍
Entry
Created: 03/21/2023 15:52Updated: 12/01/2025 03:38
Changes: 03/21/2023 15:52 (51), 04/12/2023 11:11 (11), 12/01/2025 03:38 (16)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.