Details of VAR-202301-2352

ID

VAR-202301-2352

CVE

CVE-2023-22611

TITLE

plural EcoStruxure Geo SCADA Expert product ( old name ClearSCADA) Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002976

DESCRIPTION

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022). EcoStruxure Geo SCADA Expert 2019 from 2021 ( old name ClearSCADA) Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2023-22611 // JVNDB: JVNDB-2023-002976 // VULMON: CVE-2023-22611

AFFECTED PRODUCTS

vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8218.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7936.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8108.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7980.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7522.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8017.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8155.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8267.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7896.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7840.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7714.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7808.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8197.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7322.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8182.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7613.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7936.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7429.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7787.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7913.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7980.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8108.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8108.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7717.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7641.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7268.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8220.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8155.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7457.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7551.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8197.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8269.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7840.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7875.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7809.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8172.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8120.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8197.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8122.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8027.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7488.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8015.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7692.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7690.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7578.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7545.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7578.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8267.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7777.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7613.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7742.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8181.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8122.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7875.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7742.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8221.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7641.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8158.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	october 2022 before that	Trust: 0.8
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002976 // NVD: CVE-2023-22611

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-22611
value:	HIGH
Trust: 1.0
cybersecurity@se.com:	CVE-2023-22611
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-002976
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202301-2426
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-22611
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2023-002976
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002976 // CNNVD: CNNVD-202301-2426 // NVD: CVE-2023-22611 // NVD: CVE-2023-22611

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002976 // NVD: CVE-2023-22611

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-2426

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202301-2426

PATCH

title:	SEVD-2023-010-02	url:	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf	Trust: 0.8
title:	EcoStruxure Geo SCADA Expert Repair measures for information disclosure vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=224262	Trust: 0.6

sources: JVNDB: JVNDB-2023-002976 // CNNVD: CNNVD-202301-2426

EXTERNAL IDS

db:	NVD	id:	CVE-2023-22611	Trust: 3.3
db:	SCHNEIDER	id:	SEVD-2023-010-02	Trust: 1.7
db:	JVNDB	id:	JVNDB-2023-002976	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-2426	Trust: 0.6
db:	VULMON	id:	CVE-2023-22611	Trust: 0.1

sources: VULMON: CVE-2023-22611 // JVNDB: JVNDB-2023-002976 // CNNVD: CNNVD-202301-2426 // NVD: CVE-2023-22611

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-010-02&p_endoctype=security+and+safety+notice&p_file_name=sevd-2023-010-02_geo_scada_security_notification.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2023-22611	Trust: 0.8
url:	https://www.se.com/ww/en/download/document/sevd-2023-010-02/	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-22611/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-22611 // JVNDB: JVNDB-2023-002976 // CNNVD: CNNVD-202301-2426 // NVD: CVE-2023-22611

SOURCES

db:	VULMON	id:	CVE-2023-22611
db:	JVNDB	id:	JVNDB-2023-002976
db:	CNNVD	id:	CNNVD-202301-2426
db:	NVD	id:	CVE-2023-22611

LAST UPDATE DATE

2024-08-14T14:24:17.749000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-22611	date:	2023-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2023-002976	date:	2023-08-28T06:02:00
db:	CNNVD	id:	CNNVD-202301-2426	date:	2023-02-08T00:00:00
db:	NVD	id:	CVE-2023-22611	date:	2023-02-07T19:56:57.870

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-22611	date:	2023-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2023-002976	date:	2023-08-28T00:00:00
db:	CNNVD	id:	CNNVD-202301-2426	date:	2023-01-31T00:00:00
db:	NVD	id:	CVE-2023-22611	date:	2023-01-31T17:15:08.927