CVE-2023-22610 — Incorrect Authorization in Electric Ecostruxure GEO Scada Expert 2019 2021

CWE-863 — Incorrect Authorization CWE-285 — Improper Authorization3 documents3 sources

Severity

7.5HIGHNVD

CNA9.1

EPSS

0.5%

top 34.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure GEO Scada Expert 2019 2021 Schneider-electric Ecostruxure GEO Scada Expert 2019 Schneider-electric Ecostruxure GEO Scada Expert 2020 +1 more

Timeline

PublishedJan 31

Latest updateJul 6

Description

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5schneider_electric/ecostruxure_geo_scada_expert_2019_2021All — October 2022

▶NVDschneider-electric/ecostruxure_geo_scada_expert_201928 versions+27

▶NVDschneider-electric/ecostruxure_geo_scada_expert_202022 versions+21

▶NVDschneider-electric/ecostruxure_geo_scada_expert_20218 versions+7

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-xxmc-mjxm-2m5r: A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent↗2023-07-06

▶

CVEList

CVE-2023-22610: A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sen↗2023-01-31

▶