CVE-2023-0595 MEDIUM

CVE-2023-0595

Vendor Schneider Electric

Product EcoStruxure Geo SCADA Expert 2019

Weakness CWE-117

Published February 24, 2023

Last update February 5, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)

Key dates

02Disclosure timeline

February 24, 2023 CVE published

February 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0595 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/117.html

Related vulnerabilities

Identifiers

CVE CVE-2023-0595

CWE CWE-117

CVSS 5.3 / MEDIUM

Affected versions

Vendor Schneider Electric

Product EcoStruxure Geo SCADA Expert 2019

Affected ≥ All and ≤ October 2022

Vendor Schneider Electric

Product EcoStruxure Geo SCADA Expert 2020

Affected ≥ All and ≤ October 2022

Vendor Schneider Electric

Product EcoStruxure Geo SCADA Expert 2021

Affected ≥ All and ≤ October 2022

Vendor Schneider Electric

Product ClearSCADA

Affected All Versions

CVE-2023-0595

01Description

02Disclosure timeline

03References

04Related CVE