CVE-2023-22610 CRITICAL

CVE-2023-22610

Vendor Schneider Electric
Product EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA)
Weakness CWE-863 · Incorrect authorization
Published January 31, 2023
Last update February 5, 2025

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port.

Key dates

02Disclosure timeline

January 31, 2023 CVE published
February 5, 2025 Record updated