Schneider Electric EcoStruxure Geo SCADA Expert Multiple Vulnerabilities (SEVD-2023-010-02)

critical Nessus Plugin ID 216851

Synopsis

An OT product is affected by multiple vulnerabilities.

Description

The version of Schneider Electric EcoStruxure Geo SCADA Expert running on the remote host is affected by multiple vulnerabilities:

- An incorrect authorization vulnerability that could cause denial of service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. (CVE-2023-22610)

- An information disclosure vulnerability that could cause exposure of sensitive information when specific messages are sent to the server over the database server TCP port. (CVE-2023-22611)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Install the October 2022 update, or later.

See Also

http://www.nessus.org/u?6da4fc19

Plugin Details

Severity: Critical

ID: 216851

File Name: schneider_electric_ecostruxure_geo_scada_expert_sevd-2023-010-02.nbin

Version: 1.1

Type: remote

Family: SCADA

Published: 2/26/2025

Updated: 2/26/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS Score Source: CVE-2023-22610

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Vulnerability Information

CPE: cpe:/a:schneider-electric:ecostruxure_geo_scada_expert

Required KB Items: installed_sw/Schneider Electric EcoStruxure Geo SCADA Expert Web Server

Patch Publication Date: 1/10/2023

Vulnerability Publication Date: 1/10/2023

Reference Information

CVE: CVE-2023-22610, CVE-2023-22611