CVE-2023-0595

MEDIUM

EcoStruxure Geo SCADA Expert <October 2022 - Info Disclosure

Title source: llm

Description

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)

References (1)

[Various Sources] https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-01.pdf

Scores

CVSS v3 5.3

EPSS 0.0035

EPSS Percentile 57.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-116 CWE-117

Status published

Products (50)

schneider-electric/clearscada

schneider-electric/ecostruxure_geo_scada_expert_2019

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7268.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7322.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7429.2

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7457.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7488.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7522.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7545.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7578.1

... and 40 more

Published Feb 24, 2023

Tracked Since Feb 18, 2026