CVE-2023-22610

Опубликовано: 31 янв. 2023

Источник: nvd

CVSS3: 9.1

CVSS3: 7.5

EPSS Низкий

Описание

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port.

Ссылки

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf
Mitigation
Patch
Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:-:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7268.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7322.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7429.2:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7457.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7488.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7522.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7545.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7578.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7613.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7641.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7690.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7714.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7742.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7777.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7808.2:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7840.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7875.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7896.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7936.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.7980.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8015.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8108.2:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8122.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8155.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8172.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8197.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8220.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2019:81.8267.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:-:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7551.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7578.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7613.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7641.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7692.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7717.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7742.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7787.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7809.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7840.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7875.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7913.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7936.2:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.7980.2:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8017.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8108.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8122.2:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8155.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8181.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8197.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8221.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2020:83.8267.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:-:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8027.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8108.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8120.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8158.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8182.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8197.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8218.1:*:*:*:*:*:*:*

cpe:2.3:a:schneider-electric:ecostruxure_geo_scada_expert_2021:84.8269.1:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.0022

Низкий

9.1 Critical

CVSS3

7.5 High

CVSS3

Дефекты

CWE-863

NVD-CWE-Other

Связанные уязвимости

GHSA-xxmc-mjxm-2m5r

CVSS3: 7.5

github

около 2 лет назад

A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions).

BDU:2023-00072

CVSS3: 9.1

fstec

больше 2 лет назад

Уязвимость SCADA-систем EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2019, связанная с ошибками разграничения доступа, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 45%

0.0022

Низкий

9.1 Critical

CVSS3

7.5 High

CVSS3

Дефекты

CWE-863

NVD-CWE-Other