A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Mar 2023, 17:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Schneider-electric
Schneider-electric igss Dashboard Schneider-electric custom Reports Schneider-electric igss Data Server |
|
CPE | cpe:2.3:a:schneider-electric:custom_reports:*:*:*:*:*:*:*:* cpe:2.3:a:schneider-electric:igss_data_server:*:*:*:*:*:*:*:* cpe:2.3:a:schneider-electric:igss_dashboard:*:*:*:*:*:*:*:* |
|
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
21 Mar 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-21 09:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-27978
Mitre link : CVE-2023-27978
CVE.ORG link : CVE-2023-27978
JSON object : View
Products Affected
schneider-electric
- custom_reports
- igss_dashboard
- igss_data_server
CWE
CWE-502
Deserialization of Untrusted Data