Lucene search
K

86 matches found

BDU FSTEC
BDU FSTEC
added 2023/06/20 12:0 a.m.7 views

The vulnerability of the DashBoard.exe executable file of the Dashboard module in the Interactive Graphical SCADA System (IGSS) allows a intruder to execute arbitrary code.

The vulnerability of the DashBoard.exe executable file of the Dashboard module in the Interactive Graphical SCADA System IGSS is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7.6AI score0.31861EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.9 views

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises due to an incorrect restriction on the name of the path to the restricted access catalog. This allows a intruder to execute arbitrary code.

The vulnerability of the Interactive Graphical SCADA System IGSS exists due to an incorrect restriction on the name of the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using a specially created...

10CVSS8.2AI score0.03463EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/11 12:0 a.m.8 views

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises due to an incorrect restriction on the name of the path to the restricted access catalog. This allows a intruder to execute arbitrary code.

The vulnerability of the Interactive Graphical SCADA System IGSS exists due to an incorrect restriction on the name of the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using a specially created...

10CVSS8.2AI score0.03505EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/02/11 6:15 p.m.3 views

CVE-2021-22803

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...

9.8CVSS6.4AI score0.01943EPSS
Exploits0References1
OSV
OSV
added 2022/02/11 6:15 p.m.3 views

CVE-2021-22824

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

7.5CVSS5.8AI score0.14241EPSS
Exploits0References1
OSV
OSV
added 2022/02/11 6:15 p.m.6 views

CVE-2021-22802

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

9.8CVSS6.4AI score0.20165EPSS
Exploits0References1
NVD
NVD
added 2022/02/11 6:15 p.m.33 views

CVE-2021-22803

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...

9.8CVSS0.01943EPSS
Exploits0References1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Remote code execution

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

7.5CVSS9.6AI score0.20165EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.13 views

Design/Logic Flaw

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

5CVSS7.4AI score0.14241EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Design/Logic Flaw

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...

7.5CVSS9.6AI score0.01943EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.16 views

Design/Logic Flaw

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...

5CVSS7.4AI score0.01294EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.30 views

CVE-2021-22824

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

7.7AI score0.14241EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.26 views

CVE-2021-22802

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

9.9AI score0.20165EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.22 views

CVE-2021-22803

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...

9.9AI score0.01943EPSS
Exploits0References1
CVE
CVE
added 2022/02/11 5:40 p.m.82 views

CVE-2021-22803

Schneider Electric IGSS DC module (dc.exe, v15.0.0.21243 and prior) is affected by CVE-2021-22803: Unrestricted Upload of File with Dangerous Type, enabling remote code execution by writing arbitrary files to folders in the DC module context via network messages. Root cause: lack of validation du...

9.8CVSS9.6AI score0.01943EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/02/11 12:0 a.m.6 views

Schneider Electric Interactive Graphical SCADA System 缓冲区错误漏洞

The Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. A buffer error vulnerability exists in the Schneider Electric Interactive Graphical SCADA...

7.5CVSS7.5AI score0.14241EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/02/09 11:15 p.m.7 views

CVE-2022-24315

A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.5CVSS7.1AI score0.19255EPSS
Exploits0References3
NVD
NVD
added 2022/02/09 11:15 p.m.23 views

CVE-2022-24316

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.5CVSS0.01273EPSS
Exploits0References2
NVD
NVD
added 2022/02/09 11:15 p.m.22 views

CVE-2022-24315

A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.5CVSS0.19255EPSS
Exploits0References2
OSV
OSV
added 2022/02/09 11:15 p.m.4 views

CVE-2022-24313

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020...

9.8CVSS8.1AI score0.44559EPSS
Exploits0References2
Rows per page
Query Builder