Details of VAR-202301-2353

ID

VAR-202301-2353

CVE

CVE-2023-22610

TITLE

Geo SCADA Vulnerabilities in the server

Trust: 0.8

sources: JVNDB: JVNDB-2023-002975

DESCRIPTION

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Geo SCADA An unspecified vulnerability exists in the server.Service operation interruption (DoS) It may be in a state. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)

Trust: 1.71

sources: NVD: CVE-2023-22610 // JVNDB: JVNDB-2023-002975 // VULMON: CVE-2023-22610

AFFECTED PRODUCTS

vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8218.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7936.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8108.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7980.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7522.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8017.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8155.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8267.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7896.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7840.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7714.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7808.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8197.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7322.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8182.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7613.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7936.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7429.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7787.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7913.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7980.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8108.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8108.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7717.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7641.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7268.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8220.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8155.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7457.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7551.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8197.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8269.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7840.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7875.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7809.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8172.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8120.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8197.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8122.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8027.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7488.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8015.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7692.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7690.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7578.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7545.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7578.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8267.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7777.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7613.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7742.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8181.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8122.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7875.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7742.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8221.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7641.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8158.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002975 // NVD: CVE-2023-22610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-22610
value:	HIGH
Trust: 1.0
cybersecurity@se.com:	CVE-2023-22610
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-22610
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202301-2427
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-22610
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
cybersecurity@se.com:	CVE-2023-22610
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2023-22610
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002975 // CNNVD: CNNVD-202301-2427 // NVD: CVE-2023-22610 // NVD: CVE-2023-22610

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-863	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002975 // NVD: CVE-2023-22610

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-2427

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-2427

PATCH

title:	SEVD-2023-010-02	url:	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf	Trust: 0.8
title:	EcoStruxure Geo SCADA Expert Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=224263	Trust: 0.6

sources: JVNDB: JVNDB-2023-002975 // CNNVD: CNNVD-202301-2427

EXTERNAL IDS

db:	NVD	id:	CVE-2023-22610	Trust: 3.3
db:	SCHNEIDER	id:	SEVD-2023-010-02	Trust: 1.7
db:	JVNDB	id:	JVNDB-2023-002975	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-2427	Trust: 0.6
db:	VULMON	id:	CVE-2023-22610	Trust: 0.1

sources: VULMON: CVE-2023-22610 // JVNDB: JVNDB-2023-002975 // CNNVD: CNNVD-202301-2427 // NVD: CVE-2023-22610

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-010-02&p_endoctype=security+and+safety+notice&p_file_name=sevd-2023-010-02_geo_scada_security_notification.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2023-22610	Trust: 0.8
url:	https://www.se.com/ww/en/download/document/sevd-2023-010-02/	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-22610/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/285.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-22610 // JVNDB: JVNDB-2023-002975 // CNNVD: CNNVD-202301-2427 // NVD: CVE-2023-22610

SOURCES

db:	VULMON	id:	CVE-2023-22610
db:	JVNDB	id:	JVNDB-2023-002975
db:	CNNVD	id:	CNNVD-202301-2427
db:	NVD	id:	CVE-2023-22610

LAST UPDATE DATE

2024-08-14T14:24:17.724000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-22610	date:	2023-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2023-002975	date:	2023-08-28T05:56:00
db:	CNNVD	id:	CNNVD-202301-2427	date:	2023-06-15T00:00:00
db:	NVD	id:	CVE-2023-22610	date:	2023-06-14T08:15:08.860

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-22610	date:	2023-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2023-002975	date:	2023-08-28T00:00:00
db:	CNNVD	id:	CNNVD-202301-2427	date:	2023-01-31T00:00:00
db:	NVD	id:	CVE-2023-22610	date:	2023-01-31T17:15:08.827