PT-2023-3284 · Schneider Electric · Ecostruxure Geo Scada Expert

Published: 2023-02-12 · Updated: 2023-04-18 · CVE-2023-0595

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

EcoStruxure Geo SCADA Expert versions 2019 through 2021 prior to October 2022
ClearSCADA versions prior to October 2022

Description

A vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). This issue is related to improper output neutralization for logs, which could allow a remote attacker to arbitrarily insert text records into log files or fill log files with incorrect data.

Recommendations

For EcoStruxure Geo SCADA Expert versions 2019 through 2021 prior to October 2022, update to a version released after October 2022 to resolve the issue.
For ClearSCADA versions prior to October 2022, update to a version released after October 2022 to resolve the issue.
As a temporary workaround, consider restricting access to the database web port (default 443) to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

BDU:2023-03419
CVE-2023-0595

Affected Products

Clearscada
Ecostruxure Geo Scada Expert