CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 83.4%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2023-27980

Schneider-Electric » Custom Reports » Version: 16.0.0.23040

cpe:2.3:a:schneider-electric:custom_reports:16.0.0.23040
Schneider-Electric » Igss Dashboard » Version: N/A

cpe:2.3:a:schneider-electric:igss_dashboard:-
Schneider-Electric » Igss Dashboard » Version: 16.0.0.23040

cpe:2.3:a:schneider-electric:igss_dashboard:16.0.0.23040
Schneider-Electric » Igss Data Server » Version: 15.0.0.22170

cpe:2.3:a:schneider-electric:igss_data_server:15.0.0.22170
Schneider-Electric » Igss Data Server » Version: 16.0.0.23040

cpe:2.3:a:schneider-electric:igss_data_server:16.0.0.23040

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27980

Products

Pricing

Contact Us