CVE-2023-0595

Summary

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricEcoStruxure Geo SCADA Expert 2019All <= October 2022affected
Schneider ElectricEcoStruxure Geo SCADA Expert 2020All <= October 2022affected
Schneider ElectricEcoStruxure Geo SCADA Expert 2021All <= October 2022affected
Schneider ElectricClearSCADAAll Versionsaffected

Weaknesses

  • CWE-117: CWE-117 Improper Output Neutralization for Logs

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References