CVE-2023-4516
published 2023-09-14CVE-2023-4516: A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update
Service that could allow a local attacker to change update source, potentially leading to remote
code execution when the attacker force an update containing malicious content.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | interactive_graphical_scada_system | <= 16.0.0.23211 | — |
| schneider_electric | igss_update_service | — | — |