Igss Dashboard Schneider Electric Igss Dashboard

Do you want an email whenever new security vulnerabilities are reported in Schneider Electric Igss Dashboard?

By the Year

In 2024 there have been 0 vulnerabilities in Schneider Electric Igss Dashboard . Last year Igss Dashboard had 9 security vulnerabilities published. Right now, Igss Dashboard is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 9 7.54
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Igss Dashboard vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Schneider Electric Igss Dashboard Security Vulnerabilities

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module

CVE-2023-3001 7.8 - High - June 14, 2023

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file.

Marshaling, Unmarshaling

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface

CVE-2023-27983 5.3 - Medium - March 21, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Missing Authentication for Critical Function

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server

CVE-2023-27979 6.5 - Medium - March 21, 2023

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Insufficient Verification of Data Authenticity

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server

CVE-2023-27977 5.3 - Medium - March 21, 2023

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Insufficient Verification of Data Authenticity

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports

CVE-2023-27984 8.8 - High - March 21, 2023

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Improper Input Validation

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports

CVE-2023-27981 8.8 - High - March 21, 2023

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Directory traversal

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module

CVE-2023-27978 7.8 - High - March 21, 2023

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Marshaling, Unmarshaling

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server

CVE-2023-27982 8.8 - High - March 21, 2023

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execution when a victim eventually opens a malicious dashboard file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Insufficient Verification of Data Authenticity

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface

CVE-2023-27980 8.8 - High - March 21, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)

Missing Authentication for Critical Function

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Schneider Electric Igss Data Server or by Schneider Electric? Click the Watch button to subscribe.

subscribe