CVE-2023-0595

Description

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)

References

Link	Tags
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-01.pdf

Frequently Asked Questions

What is the severity of CVE-2023-0595?: CVE-2023-0595 has been scored as a medium severity vulnerability.
How to fix CVE-2023-0595?: To fix CVE-2023-0595, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-0595 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-0595 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-0595?: CVE-2023-0595 affects Schneider Electric EcoStruxure Geo SCADA Expert 2019, Schneider Electric EcoStruxure Geo SCADA Expert 2020, Schneider Electric EcoStruxure Geo SCADA Expert 2021, Schneider Electric ClearSCADA .

Description

Categories

CWE-117 – Improper Output Neutralization for Logs

CWE-116 – Improper Encoding or Escaping of Output

References

Frequently Asked Questions