Igss Data Server Schneider Electric Igss Data Server

  1. Vendors
  2. Schneider Electric
  3. Igss Data Server

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Schneider Electric Igss Data Server.

By the Year

In 2026 there have been 0 vulnerabilities in Schneider Electric Igss Data Server. Igss Data Server did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 0 0.00
2023 16 8.61

It may take a day or so for new Igss Data Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Schneider Electric Igss Data Server Security Vulnerabilities

IGSS Data Server <=16.0.0.23040 Missing Auth Allows Report Deletion (CWE-306)
CVE-2023-27983 5.3 - Medium - March 21, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Missing Authentication for Critical Function

IGSS Data Server <=V16.0.0.23040 - Unauthorized File Rename (CWE-345)
CVE-2023-27979 6.5 - Medium - March 21, 2023

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Insufficient Verification of Data Authenticity

IGSS Data Server CWE-345 Auth Failure Before 16.0.0.23040
CVE-2023-27977 5.3 - Medium - March 21, 2023

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Insufficient Verification of Data Authenticity

IGSS Data Server/Custom Reports v16.0.0.23040 RCE via macro execution (CWE-20)
CVE-2023-27984 8.8 - High - March 21, 2023

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Improper Input Validation

IGSS Custom Reports RCE via Path Traversal (before v16.0.0.23040)
CVE-2023-27981 8.8 - High - March 21, 2023

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Directory traversal

Deserialization RCE in IGSS Data Server v16.0.0.23040 Dash Module
CVE-2023-27978 7.8 - High - March 21, 2023

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Marshaling, Unmarshaling

IGSS Data Server <=16.0.0.23040: RCE via dashboard file manipulation
CVE-2023-27982 8.8 - High - March 21, 2023

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execution when a victim eventually opens a malicious dashboard file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Insufficient Verification of Data Authenticity

Missing Auth in IGSS Data Server TCP (pre-160.0.0.23040) RCE
CVE-2023-27980 8.8 - High - March 21, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)

Missing Authentication for Critical Function

IGSS Data Server Buffer Overflow <V15.0.0.22170 RCE
CVE-2022-32529 9.8 - Critical - January 30, 2023

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Classic Buffer Overflow

IGSS Data Server <v15.0.0.22170: Missing Auth in IGSSdataServer.exe
CVE-2022-32528 9.1 - Critical - January 30, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Missing Authentication for Critical Function

IGSS Data Server <V15.0.0.22170: Stack Buffer Overflow via Alarm Cache
CVE-2022-32527 9.8 - Critical - January 30, 2023

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Classic Buffer Overflow

Stack-based Buffer Overflow in IGSS Data Server <15.0.0.22170
CVE-2022-32524 9.8 - Critical - January 30, 2023

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Classic Buffer Overflow

Vulnerable IGSS Data Server (<15.0.0.22170) Buffer Copy to RCE
CVE-2022-32523 9.8 - Critical - January 30, 2023

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Classic Buffer Overflow

IGSS Data Server V15.0.0.22170 Stack-based Buffer Overflow Vulnerability
CVE-2022-32526 9.8 - Critical - January 30, 2023

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Classic Buffer Overflow

IGSS Data Server Stack-Overflow Vulnerability Before V15.0.0.22170
CVE-2022-32525 9.8 - Critical - January 30, 2023

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Classic Buffer Overflow

IGSSDataServer.exe Buffer Overflow CVE-2022-32522 (pre V15.0.0.22170)
CVE-2022-32522 9.8 - Critical - January 30, 2023

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Classic Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Schneider Electric Igss Data Server or by Schneider Electric? Click the Watch button to subscribe.

Schneider Electric
Vendor

Schneider Electric Igss Data Server
Product

subscribe