A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.
CPE | Name | Operator | Version |
---|---|---|---|
interactive_graphical_scada_system | ge | 14.0 | |
interactive_graphical_scada_system | lt | 14.0.0.20009 |