CVE-2023-22611

CWE-200 — Information Exposure3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 39.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Ecostruxure GEO Scada Expert 2019 - 2021 (formerly Known AS Clearscada)Schneider-electric Ecostruxure GEO Scada Expert 2019 Schneider-electric Ecostruxure GEO Scada Expert 2020 +1 more

Timeline

PublishedJan 31

Latest updateJul 6

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5schneider_electric/ecostruxure_geo_scada_expert_2019_-_2021_(formerly_known_as_clearscada)All — October 2022

▶NVDschneider-electric/ecostruxure_geo_scada_expert_201928 versions+27

▶NVDschneider-electric/ecostruxure_geo_scada_expert_20218 versions+7

▶NVDschneider-electric/ecostruxure_geo_scada_expert_202022 versions+21

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-fp8q-744c-xpg4: A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messa↗2023-07-06

▶

CVEList

CVE-2023-22611: A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messa↗2023-01-31

▶