Stack overflow

2023-01-3023:15:00

PRIOn knowledge base

www.prio-n.com

buffer overflow

igss data server

remote code execution

cwe-120

nvd

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.8%

JSON

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

CPENameOperatorVersion
interactive_graphical_scada_systemle15.0.0.22170

CPE	Name	Operator	Version
	interactive_graphical_scada_system	le	15.0.0.22170

References

download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf