Schneider Electric IGSS Update Service Remote Code Execution Vulnerability

description-logoDescription

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content.

affected-products-logoAffected Applications

IGSS Update Service

CVE References

CVE-2023-4516