Details of VAR-202303-1354

ID

VAR-202303-1354

CVE

CVE-2023-27981

TITLE

Schneider Electric IGSS Data Server Path Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2023-29374 // CNNVD: CNNVD-202303-1569

DESCRIPTION

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). Schneider Electric of custom reports , IGSS Dashboard (DashBoard.exe) , igss data server Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the getRMSreportFile function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Schneider Electric IGSS Data Server is a data server of an interactive graphic Scada system of French Schneider Electric (Schneider Electric)

Trust: 2.79

sources: NVD: CVE-2023-27981 // JVNDB: JVNDB-2023-005627 // ZDI: ZDI-23-338 // CNVD: CNVD-2023-29374

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-29374

AFFECTED PRODUCTS

vendor:	schneider electric	model:	igss dashboard	scope:	lte	version:	16.0.0.23040	Trust: 1.0
vendor:	schneider electric	model:	igss data server	scope:	lte	version:	16.0.0.23040	Trust: 1.0
vendor:	schneider electric	model:	custom reports	scope:	lte	version:	16.0.0.23040	Trust: 1.0
vendor:	schneider electric	model:	igss dashboard	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	custom reports	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	igss data server	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	igss	scope:	-	version:	-	Trust: 0.7
vendor:	schneider	model:	electric igss data server	scope:	lte	version:	<=v16.0.0.23040	Trust: 0.6
vendor:	schneider	model:	electric igss dashboard	scope:	lte	version:	<=v16.0.0.23040	Trust: 0.6
vendor:	schneider	model:	electric custom reports	scope:	lte	version:	<=v16.0.0.23040	Trust: 0.6

sources: ZDI: ZDI-23-338 // CNVD: CNVD-2023-29374 // JVNDB: JVNDB-2023-005627 // NVD: CVE-2023-27981

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-27981
value:	HIGH
Trust: 1.0
cybersecurity@se.com:	CVE-2023-27981
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-27981
value:	HIGH
Trust: 0.8
ZDI:	CVE-2023-27981
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2023-29374
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202303-1569
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2023-29374
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-27981
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cybersecurity@se.com:	CVE-2023-27981
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-27981
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2023-27981
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-338 // CNVD: CNVD-2023-29374 // JVNDB: JVNDB-2023-005627 // CNNVD: CNNVD-202303-1569 // NVD: CVE-2023-27981 // NVD: CVE-2023-27981

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-005627 // NVD: CVE-2023-27981

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202303-1569

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202303-1569

PATCH

title:	Schneider Electric has issued an update to correct this vulnerability.	url:	https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf	Trust: 0.7
title:	Patch for Schneider Electric IGSS Data Server Path Traversal Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/419151	Trust: 0.6
title:	Schneider Electric IGSS Data Server Repair measures for path traversal vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=230408	Trust: 0.6

sources: ZDI: ZDI-23-338 // CNVD: CNVD-2023-29374 // CNNVD: CNNVD-202303-1569

EXTERNAL IDS

db:	NVD	id:	CVE-2023-27981	Trust: 4.5
db:	SCHNEIDER	id:	SEVD-2023-073-04	Trust: 3.0
db:	ICS CERT	id:	ICSA-23-082-04	Trust: 0.8
db:	JVN	id:	JVNVU94559502	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-005627	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-19419	Trust: 0.7
db:	ZDI	id:	ZDI-23-338	Trust: 0.7
db:	CNVD	id:	CNVD-2023-29374	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.1792	Trust: 0.6
db:	CNNVD	id:	CNNVD-202303-1569	Trust: 0.6

sources: ZDI: ZDI-23-338 // CNVD: CNVD-2023-29374 // JVNDB: JVNDB-2023-005627 // CNNVD: CNNVD-202303-1569 // NVD: CVE-2023-27981

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2023-073-04&p_endoctype=security+and+safety+notice&p_file_name=sevd-2023-073-04.pdf	Trust: 3.7
url:	https://jvn.jp/vu/jvnvu94559502/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-27981	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-04	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-27981/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1792	Trust: 0.6

sources: ZDI: ZDI-23-338 // CNVD: CNVD-2023-29374 // JVNDB: JVNDB-2023-005627 // CNNVD: CNNVD-202303-1569 // NVD: CVE-2023-27981

CREDITS

kimiya

Trust: 0.7

sources: ZDI: ZDI-23-338

SOURCES

db:	ZDI	id:	ZDI-23-338
db:	CNVD	id:	CNVD-2023-29374
db:	JVNDB	id:	JVNDB-2023-005627
db:	CNNVD	id:	CNNVD-202303-1569
db:	NVD	id:	CVE-2023-27981

LAST UPDATE DATE

2024-08-14T13:20:57.317000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-338	date:	2023-03-16T00:00:00
db:	CNVD	id:	CNVD-2023-29374	date:	2023-04-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-005627	date:	2023-11-09T03:11:00
db:	CNNVD	id:	CNNVD-202303-1569	date:	2023-03-27T00:00:00
db:	NVD	id:	CVE-2023-27981	date:	2023-03-24T17:15:29.947

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-338	date:	2023-03-16T00:00:00
db:	CNVD	id:	CNVD-2023-29374	date:	2023-04-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-005627	date:	2023-11-09T00:00:00
db:	CNNVD	id:	CNNVD-202303-1569	date:	2023-03-21T00:00:00
db:	NVD	id:	CVE-2023-27981	date:	2023-03-21T10:15:17.173