Improper Input Validation in Schneider Electric IGSS Products
CVE-2023-27984

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Igss Data Server(igssdataserver.exe); Igss Dashboard (dashboard.exe); Custom Reports (rms16.dll)
Vendor: CVE Published:; 21 March 2023

Summary

A vulnerability exists within Schneider Electric's IGSS products due to improper input validation in Custom Reports. This flaw might allow an attacker to execute macros through malicious report files. When a user interacts with such a compromised report, it can potentially lead to remote code execution, compromising the system's integrity and security. Users are advised to be vigilant and ensure they are using the latest versions of the affected products to mitigate this risk.

Affected Version(s)

Custom Reports (RMS16.dll) V <= 16.0.0.23040

IGSS Dashboard (DashBoard.exe) V <= 16.0.0.23040

IGSS Data Server(IGSSdataServer.exe) V <= 16.0.0.23040

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2023
Vulnerability Reserved
Mar 9, 2023