CVE-2023-4516 HIGH

Vendor Schneider Electric
Product IGSS Update Service (IGSSupdateservice.exe)
Weakness CWE-306 · Missing auth
Published September 14, 2023
Last update February 27, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change the update source, potentially leading to remote code execution when the attacker forces an update containing malicious content.

Key dates

02 Disclosure timeline

September 14, 2023 CVE published
February 27, 2025 Record updated