A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Feb 2022, 15:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:schneider-electric:interactive_graphical_scada_system_data_collector:*:*:*:*:*:*:*:* | |
First Time |
Schneider-electric
Schneider-electric interactive Graphical Scada System Data Collector |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03 - Patch, Vendor Advisory |
11 Feb 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-11 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-22804
Mitre link : CVE-2021-22804
CVE.ORG link : CVE-2021-22804
JSON object : View
Products Affected
schneider-electric
- interactive_graphical_scada_system_data_collector
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')