cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-27979,https://securityvulnerability.io/vulnerability/CVE-2023-27979,Insufficient Data Authenticity Verification in Schneider Electric's IGSS Data Server,"A vulnerability has been identified in Schneider Electric's IGSS Data Server, characterized by insufficient verification of data authenticity. This risk allows an attacker to send specifically crafted messages to the Data Server's TCP port, potentially enabling unauthorized file renaming within the IGSS project report directory. Such an exploit could lead to service disruption, impacting users and operations significantly. Affected versions include IGSS Data Server (V16.0.0.23040 and prior), IGSS Dashboard (V16.0.0.23040 and prior), and Custom Reports (V16.0.0.23040 and prior).",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",6.5,MEDIUM,0.0015899999998509884,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27978,https://securityvulnerability.io/vulnerability/CVE-2023-27978,Deserialization Vulnerability in IGSS Dashboard and Data Server by Schneider Electric,"A vulnerability exists in Schneider Electric's IGSS products, specifically within the Dashboard module, which allows for deserialization of untrusted data. This flaw can be exploited when users open a specially crafted file, potentially enabling remote code execution by an attacker. The affected software versions include IGSS Data Server, IGSS Dashboard, and Custom Reports, all vulnerable up to version 16.0.0.23040. Organizations using these products should prioritize mitigation strategies to safeguard their systems against possible exploitation.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",7.8,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27983,https://securityvulnerability.io/vulnerability/CVE-2023-27983,Missing Authentication in IGSS Data Server and Dashboard by Schneider Electric,"A vulnerability exists in the Data Server TCP interface that allows unauthorized users to delete reports from the IGSS project report directory. This exploitation can lead to significant data loss as attackers can misuse this functionality to manipulate or erase critical project reports. The affected components include the IGSS Data Server, IGSS Dashboard, and Custom Reports, all having versions V16.0.0.23040 and prior. Organizations using these products should apply security measures to prevent unauthorized access.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",6.5,MEDIUM,0.0012100000167265534,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27977,https://securityvulnerability.io/vulnerability/CVE-2023-27977,Insufficient Data Verification in Schneider Electric IGSS Data Server,"The vulnerability identified in Schneider Electric's IGSS Data Server originates from inadequate verification of data authenticity. This flaw can be exploited by attackers to send carefully crafted messages to the Data Server's TCP port, allowing unauthorized access to delete critical files within the IGSS project report directory. Such actions can result in significant data loss and compromise the integrity of user operations. Affected products include the IGSS Data Server, IGSS Dashboard, and Custom Reports, all of which are vulnerable up to version 16.0.0.23040.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",6.5,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27984,https://securityvulnerability.io/vulnerability/CVE-2023-27984,Improper Input Validation in Schneider Electric IGSS Products,"A vulnerability exists within Schneider Electric's IGSS products due to improper input validation in Custom Reports. This flaw might allow an attacker to execute macros through malicious report files. When a user interacts with such a compromised report, it can potentially lead to remote code execution, compromising the system's integrity and security. Users are advised to be vigilant and ensure they are using the latest versions of the affected products to mitigate this risk.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",7.8,HIGH,0.004189999774098396,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27982,https://securityvulnerability.io/vulnerability/CVE-2023-27982,Insufficient Data Authenticity Verification in IGSS Data Server Products,"A vulnerability in Schneider Electric's IGSS Data Server products allows attackers to exploit insufficient verification of data authenticity. This issue can be triggered by sending specially crafted messages to the Data Server's TCP port. If a victim opens a manipulated dashboard file, it could lead to remote code execution. This vulnerability affects multiple versions of the IGSS Data Server, IGSS Dashboard, and Custom Reports.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",8.8,HIGH,0.004189999774098396,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27981,https://securityvulnerability.io/vulnerability/CVE-2023-27981,Improper Limitation of Pathname Vulnerability in Schneider Electric's Custom Reports,"A security vulnerability exists in Schneider Electric's Custom Reports that may allow an attacker to execute arbitrary code on the affected systems. This issue stems from improper limitation of pathnames leading to the potential exploitation when users attempt to open specially crafted malicious reports. The products susceptible to this vulnerability include IGSS Data Server, IGSS Dashboard, and Custom Reports, specifically versions 16.0.0.23040 and earlier.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",7.8,HIGH,0.004189999774098396,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2023-27980,https://securityvulnerability.io/vulnerability/CVE-2023-27980,Missing Authentication Vulnerability in IGSS Data Server by Schneider Electric,"A missing authentication vulnerability exists in the TCP interface of the IGSS Data Server, allowing unauthorized users to create a malicious report file within the IGSS project report directory. If a victim opens this report, it may lead to remote code execution, compromising system integrity and security. Affected versions include IGSS Data Server V16.0.0.23040 and earlier, IGSS Dashboard V16.0.0.23040 and earlier, and Custom Reports V16.0.0.23040 and earlier.",Schneider Electric,"Igss Data Server(igssdataserver.exe),Igss Dashboard (dashboard.exe),Custom Reports (rms16.dll)",8.8,HIGH,0.0040699997916817665,false,,false,false,false,,,false,false,,2023-03-21T00:00:00.000Z,0
CVE-2022-2329,https://securityvulnerability.io/vulnerability/CVE-2022-2329,Integer Overflow Vulnerability in IGSS Data Server by Schneider Electric,"The IGSS Data Server by Schneider Electric is susceptible to an integer overflow vulnerability that can lead to heap-based buffer overflow. This security flaw allows an attacker to exploit the system by sending multiple specially crafted messages, which may result in a denial of service and potentially enable remote code execution. It is crucial for users to update their systems to mitigate the risk associated with this vulnerability.",Schneider Electric,Igss Data Server (igssdataserver.exe),9.8,CRITICAL,0.004739999771118164,false,,false,false,false,,,false,false,,2023-02-01T00:00:00.000Z,0
CVE-2022-24324,https://securityvulnerability.io/vulnerability/CVE-2022-24324,Stack-based Buffer Overflow Vulnerability in IGSS Data Server by Schneider Electric,"A vulnerability exists in the IGSS Data Server that allows a stack-based buffer overflow due to improper size checks during buffer copy operations. If an attacker sends a specially crafted message, this flaw can lead to remote code execution, potentially compromising system integrity and security. Affected versions include IGSSdataServer.exe prior to version V15.0.0.22073. Users are urged to upgrade to the latest version to mitigate potential risks.",Schneider Electric,Igss Data Server (igssdataserver.exe),9.8,CRITICAL,0.005210000090301037,false,,false,false,false,,,false,false,,2023-02-01T00:00:00.000Z,0
CVE-2022-32529,https://securityvulnerability.io/vulnerability/CVE-2022-32529,Buffer Overflow Vulnerability in Schneider Electric IGSS Data Server,A vulnerability exists in the IGSS Data Server that allows stack-based buffer overflow due to inadequate checks on input size when processing specially crafted log data request messages. This could potentially enable an attacker to execute arbitrary code remotely. Administrators should ensure they are using versions V15.0.0.22170 or later to mitigate this risk.,Schneider Electric,Igss Data Server (igssdataserver.exe),9.8,CRITICAL,0.00443999981507659,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-32528,https://securityvulnerability.io/vulnerability/CVE-2022-32528,Missing Authentication in IGSS Data Server by Schneider Electric,A vulnerability exists in the IGSS Data Server due to missing authentication mechanisms that could allow an unauthorized user to access and manipulate sensitive files within the project report directory. This lack of authentication poses a risk of potential denial-of-service conditions when specific messages are transmitted by an attacker. Products affected include all versions prior to V15.0.0.22170.,Schneider Electric,Igss Data Server (igssdataserver.exe),8.6,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-32525,https://securityvulnerability.io/vulnerability/CVE-2022-32525,Buffer Overflow Vulnerability in IGSS Data Server by Schneider Electric,"A vulnerability in the IGSS Data Server software allows attackers to exploit a flaw related to buffer copying, potentially leading to a stack-based buffer overflow. By sending specially crafted alarm data messages, an attacker could execute arbitrary remote code on affected systems running versions prior to V15.0.0.22170. This flaw poses significant risks to the integrity and confidentiality of the systems utilizing this software.",Schneider Electric,Igss Data Server (igssdataserver.exe),9.8,CRITICAL,0.00443999981507659,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-32524,https://securityvulnerability.io/vulnerability/CVE-2022-32524,Buffer Overflow Vulnerability in IGSS Data Server by Schneider Electric,"A vulnerability exists in the IGSS Data Server that allows for a stack-based buffer overflow due to inadequate input size checks. This issue arises when an attacker sends specially crafted time reduced data messages, potentially leading to remote code execution. The vulnerability affects versions prior to V15.0.0.22170 of the IGSSdataServer.exe application.",Schneider Electric,Igss Data Server (igssdataserver.exe),9.8,CRITICAL,0.00443999981507659,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-32523,https://securityvulnerability.io/vulnerability/CVE-2022-32523,Buffer Overflow Vulnerability in IGSS Data Server by Schneider Electric,"A buffer overflow vulnerability exists in IGSS Data Server, specifically affecting the IGSSdataServer.exe component in versions prior to 15.0.0.22170. This issue arises from insufficient validation of the size of input data, allowing attackers to craft specially designed online data request messages that result in a stack-based buffer overflow. Exploitation of this vulnerability could allow malicious actors to execute arbitrary code remotely, posing significant risks to systems running the affected software.",Schneider Electric,Igss Data Server (igssdataserver.exe),9.8,CRITICAL,0.00443999981507659,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-32522,https://securityvulnerability.io/vulnerability/CVE-2022-32522,Buffer Overflow Vulnerability in Schneider Electric IGSS Data Server,"A stack-based buffer overflow vulnerability exists in Schneider Electric's IGSS Data Server, specifically affecting versions prior to V15.0.0.22170. This vulnerability allows attackers to exploit the server by sending specially crafted mathematically reduced data request messages, which may result in remote code execution. Proper input validation and secure coding practices are essential to mitigate the risks associated with this vulnerability.",Schneider Electric,Igss Data Server (igssdataserver.exe),9.8,CRITICAL,0.00443999981507659,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-32527,https://securityvulnerability.io/vulnerability/CVE-2022-32527,Buffer Overflow Vulnerability in IGSS Data Server by Schneider Electric,"A buffer overflow vulnerability exists in the IGSS Data Server's handling of alarm cache data messages. This flaw, categorized as a CWE-120 issue, can be exploited by an attacker sending specially crafted messages, potentially allowing for remote code execution. Users of affected versions need to take preventive measures to safeguard their systems against possible exploitation.",Schneider Electric,Igss Data Server (igssdataserver.exe),9.8,CRITICAL,0.00443999981507659,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-32526,https://securityvulnerability.io/vulnerability/CVE-2022-32526,Buffer Overflow Vulnerability in IGSS Data Server by Schneider Electric,"A buffer overflow vulnerability exists in IGSS Data Server, specifically in the IGSSdataServer.exe executable, which affects versions prior to V15.0.0.22170. This flaw may allow attackers to exploit the system by sending specially crafted setting value messages, posing a risk of remote code execution. Organizations using the affected product should apply relevant patches or updates to mitigate potential security threats.",Schneider Electric,Igss Data Server (igssdataserver.exe),9.8,CRITICAL,0.00443999981507659,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0