CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.1%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2023-27984

Schneider-Electric » Custom Reports » Version: 16.0.0.23040

cpe:2.3:a:schneider-electric:custom_reports:16.0.0.23040
Schneider-Electric » Igss Dashboard » Version: N/A

cpe:2.3:a:schneider-electric:igss_dashboard:-
Schneider-Electric » Igss Dashboard » Version: 16.0.0.23040

cpe:2.3:a:schneider-electric:igss_dashboard:16.0.0.23040
Schneider-Electric » Igss Data Server » Version: 15.0.0.22170

cpe:2.3:a:schneider-electric:igss_data_server:15.0.0.22170
Schneider-Electric » Igss Data Server » Version: 16.0.0.23040

cpe:2.3:a:schneider-electric:igss_data_server:16.0.0.23040

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27984

Products

Pricing

Contact Us