CVE-2023-27978
Summary
| CVE | CVE-2023-27978 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-21 09:15:00 UTC |
| Updated | 2023-03-24 17:20:00 UTC |
| Description | A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). |
Risk And Classification
Problem Types: CWE-502
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Schneider-electric | Custom Reports | All | All | All | All |
| Application | Schneider-electric | Igss Dashboard | All | All | All | All |
| Application | Schneider-electric | Igss Data Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| download.schneider-electric.com/files | MISC | download.schneider-electric.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.