CVE-2023-27983 MEDIUM

CVE-2023-27983

Vendor Schneider Electric
Product IGSS Data Server(IGSSdataServer.exe)
Weakness CWE-306 · Missing auth
Published March 21, 2023
Last update February 5, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Key dates

02Disclosure timeline

March 21, 2023 CVE published
February 5, 2025 Record updated