CVE-2023-27979 MEDIUM

CVE-2023-27979

Vendor Schneider Electric

Product IGSS Data Server(IGSSdataServer.exe)

Weakness CWE-345

Published March 21, 2023

Last update February 5, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Key dates

02Disclosure timeline

March 21, 2023 CVE published

February 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-27979 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/345.html

Related vulnerabilities

Identifiers

CVE CVE-2023-27979

CWE CWE-345

CVSS 6.5 / MEDIUM

Affected versions

Vendor Schneider Electric

Product IGSS Data Server(IGSSdataServer.exe)

Affected ≥ V and ≤ 16.0.0.23040

Vendor Schneider Electric

Product IGSS Dashboard (DashBoard.exe)

Affected ≥ V and ≤ 16.0.0.23040

Vendor Schneider Electric

Product Custom Reports (RMS16.dll)

Affected ≥ V and ≤ 16.0.0.23040

CVE-2023-27979

01Description

02Disclosure timeline

03References

04Related CVE