CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27981

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.018

EPSS Ranking 82.2%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2023-27981

Schneider-Electric » Custom Reports » Version: 16.0.0.23040

cpe:2.3:a:schneider-electric:custom_reports:16.0.0.23040
Schneider-Electric » Igss Dashboard » Version: N/A

cpe:2.3:a:schneider-electric:igss_dashboard:-
Schneider-Electric » Igss Dashboard » Version: 16.0.0.23040

cpe:2.3:a:schneider-electric:igss_dashboard:16.0.0.23040
Schneider-Electric » Igss Data Server » Version: 15.0.0.22170

cpe:2.3:a:schneider-electric:igss_data_server:15.0.0.22170
Schneider-Electric » Igss Data Server » Version: 16.0.0.23040

cpe:2.3:a:schneider-electric:igss_data_server:16.0.0.23040

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27981

Products

Pricing

Contact Us