Filtered by vendor Schneider-electric
Subscribe
Filtered by product Interactive Graphical Scada System
Subscribe
Total
43 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-4516 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 7.8 HIGH |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content. | |||||
CVE-2022-2329 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073) | |||||
CVE-2022-24324 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073) | |||||
CVE-2022-32523 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | |||||
CVE-2022-32527 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | |||||
CVE-2022-32529 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | |||||
CVE-2022-32526 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | |||||
CVE-2022-32528 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 9.1 CRITICAL |
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | |||||
CVE-2022-32524 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | |||||
CVE-2022-32525 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | |||||
CVE-2022-32522 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | |||||
CVE-2021-22750 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition. | |||||
CVE-2021-22751 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
CVE-2021-22757 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | |||||
CVE-2021-22753 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition. | |||||
CVE-2021-22759 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition. | |||||
CVE-2021-22761 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition. | |||||
CVE-2021-22758 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | |||||
CVE-2021-22752 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition. | |||||
CVE-2021-22762 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition. |