cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-3001,https://securityvulnerability.io/vulnerability/CVE-2023-3001,Deserialization Vulnerability in Schneider Electric Dashboard Module,"A vulnerability in the Dashboard module of Schneider Electric products allows for the deserialization of untrusted data. If a user is tricked into opening a malicious file, this flaw could be exploited to execute arbitrary code remotely, potentially compromising the security of the affected system. Such vulnerabilities pose a significant threat to data integrity and operational continuity.",Schneider Electric,IGSS Dashboard (DashBoard.exe),7.8,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2023-06-14T08:15:00.000Z,0
CVE-2023-27978,https://securityvulnerability.io/vulnerability/CVE-2023-27978,Deserialization Vulnerability in IGSS Dashboard and Data Server by Schneider Electric,"A vulnerability exists in Schneider Electric's IGSS products, specifically within the Dashboard module, which allows for deserialization of untrusted data. This flaw can be exploited when users open a specially crafted file, potentially enabling remote code execution by an attacker. The affected software versions include IGSS Data Server, IGSS Dashboard, and Custom Reports, all vulnerable up to version 16.0.0.23040. Organizations using these products should prioritize mitigation strategies to safeguard their systems against possible exploitation.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",7.8,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27979,https://securityvulnerability.io/vulnerability/CVE-2023-27979,Insufficient Data Authenticity Verification in Schneider Electric's IGSS Data Server,"A vulnerability has been identified in Schneider Electric's IGSS Data Server, characterized by insufficient verification of data authenticity. This risk allows an attacker to send specifically crafted messages to the Data Server's TCP port, potentially enabling unauthorized file renaming within the IGSS project report directory. Such an exploit could lead to service disruption, impacting users and operations significantly. Affected versions include IGSS Data Server (V16.0.0.23040 and prior), IGSS Dashboard (V16.0.0.23040 and prior), and Custom Reports (V16.0.0.23040 and prior).",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",6.5,MEDIUM,0.0015899999998509884,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27980,https://securityvulnerability.io/vulnerability/CVE-2023-27980,Missing Authentication Vulnerability in IGSS Data Server by Schneider Electric,"A missing authentication vulnerability exists in the TCP interface of the IGSS Data Server, allowing unauthorized users to create a malicious report file within the IGSS project report directory. If a victim opens this report, it may lead to remote code execution, compromising system integrity and security. Affected versions include IGSS Data Server V16.0.0.23040 and earlier, IGSS Dashboard V16.0.0.23040 and earlier, and Custom Reports V16.0.0.23040 and earlier.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",8.8,HIGH,0.0040699997916817665,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27977,https://securityvulnerability.io/vulnerability/CVE-2023-27977,Insufficient Data Verification in Schneider Electric IGSS Data Server,"The vulnerability identified in Schneider Electric's IGSS Data Server originates from inadequate verification of data authenticity. This flaw can be exploited by attackers to send carefully crafted messages to the Data Server's TCP port, allowing unauthorized access to delete critical files within the IGSS project report directory. Such actions can result in significant data loss and compromise the integrity of user operations. Affected products include the IGSS Data Server, IGSS Dashboard, and Custom Reports, all of which are vulnerable up to version 16.0.0.23040.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",6.5,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27982,https://securityvulnerability.io/vulnerability/CVE-2023-27982,Insufficient Data Authenticity Verification in IGSS Data Server Products,"A vulnerability in Schneider Electric's IGSS Data Server products allows attackers to exploit insufficient verification of data authenticity. This issue can be triggered by sending specially crafted messages to the Data Server's TCP port. If a victim opens a manipulated dashboard file, it could lead to remote code execution. This vulnerability affects multiple versions of the IGSS Data Server, IGSS Dashboard, and Custom Reports.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",8.8,HIGH,0.004189999774098396,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27983,https://securityvulnerability.io/vulnerability/CVE-2023-27983,Missing Authentication in IGSS Data Server and Dashboard by Schneider Electric,"A vulnerability exists in the Data Server TCP interface that allows unauthorized users to delete reports from the IGSS project report directory. This exploitation can lead to significant data loss as attackers can misuse this functionality to manipulate or erase critical project reports. The affected components include the IGSS Data Server, IGSS Dashboard, and Custom Reports, all having versions V16.0.0.23040 and prior. Organizations using these products should apply security measures to prevent unauthorized access.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",6.5,MEDIUM,0.0012100000167265534,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27984,https://securityvulnerability.io/vulnerability/CVE-2023-27984,Improper Input Validation in Schneider Electric IGSS Products,"A vulnerability exists within Schneider Electric's IGSS products due to improper input validation in Custom Reports. This flaw might allow an attacker to execute macros through malicious report files. When a user interacts with such a compromised report, it can potentially lead to remote code execution, compromising the system's integrity and security. Users are advised to be vigilant and ensure they are using the latest versions of the affected products to mitigate this risk.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",7.8,HIGH,0.004189999774098396,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27981,https://securityvulnerability.io/vulnerability/CVE-2023-27981,Improper Limitation of Pathname Vulnerability in Schneider Electric's Custom Reports,"A security vulnerability exists in Schneider Electric's Custom Reports that may allow an attacker to execute arbitrary code on the affected systems. This issue stems from improper limitation of pathnames leading to the potential exploitation when users attempt to open specially crafted malicious reports. The products susceptible to this vulnerability include IGSS Data Server, IGSS Dashboard, and Custom Reports, specifically versions 16.0.0.23040 and earlier.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",7.8,HIGH,0.004189999774098396,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0