VDB
SEVD-2023-255-01
SEVD-2023-255-01
PUBLISHED
CVSS 7.800000190734863 HIGH
Schneider Electric is aware of a vulnerability in its Update Service for the IGSS (Interactive Graphical SCADA System) product. The IGSS product is a state-of-the art SCADA system used for monitoring and controlling industrial processes. The IGSS Update Service handles IGSS Software to be updated. Failure to apply the remediation provided below may risk remote code execution, which could result in a variety of issues including loss of control of the SCADA System with IGSS running in production mode
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric IGSS Update Service version 16.0.0.23212 | ||
| Schneider Electric IGSS Update Service v16.0.0.23211 and prior |
Timeline
- Sep 12, 2023 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-255-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-255-01.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-255-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2023-255-01.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://igss.schneider-electric.com/igss/igssupdates/v160/IGSSUPDATE.ZIP fix
- https://igss.schneider-electric.com/Files/Doc-Help/Security%20Guideline.pdf fix