Deserialization Vulnerability in IGSS Dashboard and Data Server by Schneider Electric
CVE-2023-27978

7.8HIGH

Key Information:

Vendor

Schneider Electric
Status
Igss Data Server(igssdataserver.exe)
Igss Dashboard (dashboard.exe)
Custom Reports (rms16.dll)
Vendor
CVE Published:
21 March 2023

What is CVE-2023-27978?

A vulnerability exists in Schneider Electric's IGSS products, specifically within the Dashboard module, which allows for deserialization of untrusted data. This flaw can be exploited when users open a specially crafted file, potentially enabling remote code execution by an attacker. The affected software versions include IGSS Data Server, IGSS Dashboard, and Custom Reports, all vulnerable up to version 16.0.0.23040. Organizations using these products should prioritize mitigation strategies to safeguard their systems against possible exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Custom Reports (RMS16.dll) V <= 16.0.0.23040

IGSS Dashboard (DashBoard.exe) V <= 16.0.0.23040

IGSS Data Server(IGSSdataServer.exe) V <= 16.0.0.23040

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.