From 25766515f8a1b541d67221fdc6af2ec5f5fd0d5b Mon Sep 17 00:00:00 2001 From: Girish Kolla Date: Tue, 21 Mar 2023 18:22:29 +0530 Subject: [PATCH] update to CVE-2023-27983 --- 2023/27xxx/CVE-2023-27983.json | 103 +++++++++++++++++++++++++++++++-- 1 file changed, 97 insertions(+), 6 deletions(-) diff --git a/2023/27xxx/CVE-2023-27983.json b/2023/27xxx/CVE-2023-27983.json index 173abe54e14..a319537a4cd 100644 --- a/2023/27xxx/CVE-2023-27983.json +++ b/2023/27xxx/CVE-2023-27983.json @@ -1,18 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cybersecurity@se.com", "ID": "CVE-2023-27983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IGSS Data Server(IGSSdataServer.exe)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "V", + "version_value": "16.0.0.23040" + } + ] + } + }, + { + "product_name": "IGSS Dashboard (DashBoard.exe)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "V", + "version_value": "16.0.0.23040" + } + ] + } + }, + { + "product_name": "Custom Reports (RMS16.dll)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "V", + "version_value": "16.0.0.23040" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file