Details of VAR-202302-1810

ID

VAR-202302-1810

CVE

CVE-2023-0595

TITLE

Schneider Electric of ClearSCADA and EcoStruxure Geo SCADA Expert 2019 Vulnerability related to improper log output disabling in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004517

DESCRIPTION

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions) . Schneider Electric of ClearSCADA and EcoStruxure Geo SCADA Expert 2019 contains a vulnerability related to improper logging disablement.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2023-0595 // JVNDB: JVNDB-2023-004517 // VULHUB: VHN-453650 // VULMON: CVE-2023-0595

AFFECTED PRODUCTS

vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8218.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7936.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8108.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7980.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7522.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8017.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8155.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8267.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7896.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7840.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7808.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7714.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8197.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7322.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8221.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8182.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7613.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7936.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7429.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7787.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7913.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7980.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8108.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8108.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7717.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7641.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7268.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8220.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8155.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7457.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7551.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8197.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8269.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7840.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7875.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7809.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8172.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8120.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8197.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8122.2	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8027.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7488.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8015.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7692.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7690.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7578.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7545.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7578.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8267.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7777.1	Trust: 1.0
vendor:	schneider electric	model:	clearscada	scope:	eq	version:	*	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7613.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7742.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.8122.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7875.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.7742.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2020	scope:	eq	version:	83.8181.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	eq	version:	81.7641.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2021	scope:	eq	version:	84.8158.1	Trust: 1.0
vendor:	schneider electric	model:	ecostruxure geo scada expert 2019	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	clearscada	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-004517 // NVD: CVE-2023-0595

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-0595
value:	MEDIUM
Trust: 1.0
cybersecurity@se.com:	CVE-2023-0595
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-0595
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202302-1985
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2023-0595
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2023-0595
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-004517 // CNNVD: CNNVD-202302-1985 // NVD: CVE-2023-0595 // NVD: CVE-2023-0595

PROBLEMTYPE DATA

problemtype:	CWE-116	Trust: 1.1
problemtype:	CWE-117	Trust: 1.1
problemtype:	Disabling inappropriate logging (CWE-117) [ others ]	Trust: 0.8

sources: VULHUB: VHN-453650 // JVNDB: JVNDB-2023-004517 // NVD: CVE-2023-0595

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1985

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1985

PATCH

title:

EcoStruxure Geo SCADA Expert Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=227643

Trust: 0.6

sources: CNNVD: CNNVD-202302-1985

EXTERNAL IDS

db:	NVD	id:	CVE-2023-0595	Trust: 3.4
db:	SCHNEIDER	id:	SEVD-2023-045-01	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-004517	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1985	Trust: 0.6
db:	VULHUB	id:	VHN-453650	Trust: 0.1
db:	VULMON	id:	CVE-2023-0595	Trust: 0.1

sources: VULHUB: VHN-453650 // VULMON: CVE-2023-0595 // JVNDB: JVNDB-2023-004517 // CNNVD: CNNVD-202302-1985 // NVD: CVE-2023-0595

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-045-01&p_endoctype=security+and+safety+notice&p_file_name=sevd-2023-045-01.pdf	Trust: 2.4
url:	https://www.se.com/ww/en/download/document/sevd-2023-045-01/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-0595	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-0595/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/117.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-453650 // VULMON: CVE-2023-0595 // JVNDB: JVNDB-2023-004517 // CNNVD: CNNVD-202302-1985 // NVD: CVE-2023-0595

SOURCES

db:	VULHUB	id:	VHN-453650
db:	VULMON	id:	CVE-2023-0595
db:	JVNDB	id:	JVNDB-2023-004517
db:	CNNVD	id:	CNNVD-202302-1985
db:	NVD	id:	CVE-2023-0595

LAST UPDATE DATE

2024-08-14T15:11:01.255000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-453650	date:	2023-03-03T00:00:00
db:	VULMON	id:	CVE-2023-0595	date:	2023-02-24T00:00:00
db:	JVNDB	id:	JVNDB-2023-004517	date:	2023-10-31T02:03:00
db:	CNNVD	id:	CNNVD-202302-1985	date:	2023-04-19T00:00:00
db:	NVD	id:	CVE-2023-0595	date:	2023-04-18T21:15:07.723

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-453650	date:	2023-02-24T00:00:00
db:	VULMON	id:	CVE-2023-0595	date:	2023-02-24T00:00:00
db:	JVNDB	id:	JVNDB-2023-004517	date:	2023-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202302-1985	date:	2023-02-24T00:00:00
db:	NVD	id:	CVE-2023-0595	date:	2023-02-24T11:15:10.643