CVE-2023-22611

HIGH

EcoStruxure Geo SCADA Expert 2019-2021 - Exposure of Sensitive Information via Database Server TCP Port

Title source: llm

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)

References (1)

Core 1

Core References

Mitigation, Patch, Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf

Scores

CVSS v3 7.5

EPSS 0.0040

EPSS Percentile 60.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (50)

schneider-electric/ecostruxure_geo_scada_expert_2019

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7268.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7322.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7429.2

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7457.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7488.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7522.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7545.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7578.1

schneider-electric/ecostruxure_geo_scada_expert_2019 81.7613.1

... and 40 more

Published Jan 31, 2023

Tracked Since Feb 18, 2026