CVE-2023-22611 HIGH

CVE-2023-22611

Vendor Schneider Electric

Product EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA)

Weakness CWE-200 · Info exposure

Published January 31, 2023

Last update February 5, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)

Key dates

02Disclosure timeline

January 31, 2023 CVE published

February 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-22611 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2023-22611

CWE CWE-200

CVSS 7.5 / HIGH

Affected versions