Improper Log Output Neutralization Vulnerability in EcoStruxure Geo SCADA by Schneider Electric
CVE-2023-0595

5.3MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Ecostruxure Geo Scada Expert 2019; Ecostruxure Geo Scada Expert 2020; Ecostruxure Geo Scada Expert 2021; Clearscada
Vendor: CVE Published:; 24 February 2023

Summary

A vulnerability exists in EcoStruxure Geo SCADA and ClearSCADA products that allows improper output neutralization for log files. This flaw could enable the misinterpretation of log entries due to the processing of malicious packets sent to the database web port, typically at port 443. Exploitation of this vulnerability could result in significant security risks, as it may allow unauthorized access or manipulation of the log contents, impacting operational integrity and confidentiality.

Affected Version(s)

ClearSCADA All Versions

EcoStruxure Geo SCADA Expert 2019 All

EcoStruxure Geo SCADA Expert 2020 All

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2023
Vulnerability Reserved
Jan 31, 2023