Rewterz Threat Advisory – ICS: Schneider Electric IGSS Update Service Vulnerability

October 15, 2023

Severity

High

Analysis Summary

CVE-2023-4516

A missing authentication for critical function vulnerability that could allow a local attacker to change the update source exists in the IGSS Update Service, which could lead to remote code execution the attacker force an update containing malicious content.

Impact

Code Execution

Indicators Of Compromise

CVE

CVE-2023-4516

Affected Vendors

Schneider Electric

Affected Products

Schneider Electric IGSS Update Service 16.0.0.23211

Remediation

Refer to Schneider Electric for patch, upgrade or suggested workaround information.

Schneider Electric

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us