CVE-2023-0595
moderate-risk
Published 2023-02-24
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)
Do I need to act?
-
0.35% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Clearscada
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2019
Affected Vendors
49
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
27/34 · High