{"api_version":"1","generated_at":"2026-04-23T01:15:04+00:00","cve":"CVE-2023-3001","urls":{"html":"https://cve.report/CVE-2023-3001","api":"https://cve.report/api/cve/CVE-2023-3001.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-3001","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-3001"},"summary":{"title":"CVE-2023-3001","description":"A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that\ncould cause an interpretation of malicious payload data, potentially leading to remote code\nexecution when an attacker gets the user to open a malicious file.","state":"PUBLIC","assigner":"cybersecurity@schneider-electric.com","published_at":"2023-06-14 08:15:00","updated_at":"2023-06-21 21:06:00"},"problem_types":["CWE-502"],"metrics":[],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-02.pdf","name":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-02.pdf","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-3001","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3001","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"3001","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"igss_dashboard","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-3001","qid":"378766","title":"Schneider Electric IGSS Dashboard Deserialization of Untrusted Data Vulnerability (ICSA-23-220-01)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-3001","ASSIGNER":"cybersecurity@schneider-electric.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"\nA CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that\ncould cause an interpretation of malicious payload data, potentially leading to remote code\nexecution when an attacker gets the user to open a malicious file. \n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-502 Deserialization of Untrusted Data","cweId":"CWE-502"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Schneider Electric","product":{"product_data":[{"product_name":"IGSS Dashboard (DashBoard.exe)","version":{"version_data":[{"version_affected":"=","version_value":"v16.0.0.23130 and prior"}]}}]}}]}},"references":{"reference_data":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-02.pdf","refsource":"MISC","name":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-164-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-164-02.pdf"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-06-14 08:15:00","lastModifiedDate":"2023-06-21 21:06:00","problem_types":["CWE-502"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:igss_dashboard:*:*:*:*:*:*:*:*","versionEndExcluding":"16.0.0.23131","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}