CVE-2023-22610
Published on: Not Yet Published
Last Modified on: 02/07/2023 07:52:00 PM UTC
Certain versions of Ecostruxure Geo Scada Expert 2019 from Schneider-electric contain the following vulnerability:
A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)
- CVE-2023-22610 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity. - Affected Vendor/Software: Schneider Electric - EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) version < October 2022
CVSS3 Score: 7.5 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | NONE | NONE | HIGH |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| download.schneider-electric.com application/pdf Inactive LinkNot Archived |
MISC download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf | |
| Security Notification - EcoStruxure Geo SCADA Expert Security and Safety Notice | Schneider Electric | www.se.com text/html |
MISC www.se.com/ww/en/download/document/SEVD-2023-010-02/ |
There are currently no QIDs associated with this CVE
Exploit/POC from Github
A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA serve…
Known Affected Configurations (CPE V2.3)
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:-:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7268.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7322.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7429.2:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7457.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7488.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7522.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7545.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7578.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7613.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7641.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7690.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7714.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7742.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7777.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7808.2:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7840.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7875.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7896.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7936.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7980.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8015.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8108.2:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8122.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8155.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8172.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8197.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8220.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8267.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:-:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7551.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7578.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7613.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7641.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7692.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7717.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7742.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7787.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7809.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7840.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7875.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7913.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7936.2:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7980.2:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8017.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8108.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8122.2:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8155.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8181.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8197.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8221.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8267.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:-:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8027.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8108.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8120.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8158.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8182.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8197.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8218.1:*:*:*:*:*:*:*:
- cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8269.1:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @CVEreport |
CVE-2023-22610 : A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against… twitter.com/i/web/status/1… | 2023-01-31 17:08:21 |
 /r/netcve |
CVE-2023-22610 | 2023-01-31 18:42:01 |