CVE-2023-0595

Description

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected products

Schneider Electric / ClearSCADAAll Versions – All Versions
Schneider Electric / EcoStruxure Geo SCADA Expert 2019All – October 2022
Schneider Electric / EcoStruxure Geo SCADA Expert 2020All – October 2022
Schneider Electric / EcoStruxure Geo SCADA Expert 2021All – October 2022

References

MISChttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-01.pdf