Lucene search
K

268 matches found

Cvelist
Cvelist
added 2022/02/11 5:40 p.m.19 views

CVE-2021-22823

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...

9.3AI score0.21388EPSS
Exploits0References1
CVE
CVE
added 2022/02/11 5:40 p.m.54 views

CVE-2021-22823

CVE-2021-22823 affects Schneider Electric IGSS Interactive Graphical SCADA System Data Collector (dc.exe) on v15.0.0.21320 and earlier. It is a CWE-306 Missing Authentication for Critical Function vulnerability caused by lack of validation of network messages, which could lead to deletion of arbi...

9.1CVSS9.1AI score0.21388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.16 views

CVE-2021-22804

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...

7.5AI score0.01294EPSS
Exploits0References1
CVE
CVE
added 2022/02/11 5:40 p.m.75 views

CVE-2021-22802

Schneider Electric IGSS Data Collector (dc.exe), affected in IGSS v15.0.0.21243 and earlier, is vulnerable to a CWE-120 buffer overflow due to missing length checks on user-supplied data while processing a network-constructed message. This can lead to remote code execution with the dc.exe process...

9.8CVSS9.6AI score0.20165EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/02/11 5:40 p.m.81 views

CVE-2021-22803

Schneider Electric IGSS DC module (dc.exe, v15.0.0.21243 and prior) is affected by CVE-2021-22803: Unrestricted Upload of File with Dangerous Type, enabling remote code execution by writing arbitrary files to folders in the DC module context via network messages. Root cause: lack of validation du...

9.8CVSS9.6AI score0.01943EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.25 views

CVE-2021-22802

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

9.9AI score0.20165EPSS
Exploits0References1
NVD
NVD
added 2022/02/09 11:15 p.m.21 views

CVE-2022-24312

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a...

9.8CVSS0.03463EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/09 11:15 p.m.5 views

CVE-2022-24311

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends...

9.8CVSS7.9AI score0.03505EPSS
Exploits0References3
NVD
NVD
added 2022/02/09 11:15 p.m.14 views

CVE-2022-24314

A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.5CVSS0.18178EPSS
Exploits0References1
NVD
NVD
added 2022/02/09 11:15 p.m.22 views

CVE-2022-24316

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.5CVSS0.01273EPSS
Exploits0References2
NVD
NVD
added 2022/02/09 11:15 p.m.19 views

CVE-2022-24310

A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Serv...

9.8CVSS0.02227EPSS
Exploits0References1
NVD
NVD
added 2022/02/09 11:15 p.m.20 views

CVE-2022-24317

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.5CVSS0.01206EPSS
Exploits0References2
NVD
NVD
added 2022/02/09 11:15 p.m.21 views

CVE-2022-24315

A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.5CVSS0.19255EPSS
Exploits0References2
OSV
OSV
added 2022/02/09 11:15 p.m.2 views

CVE-2022-24311

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends...

9.8CVSS7.8AI score0.03505EPSS
Exploits0References2
Prion
Prion
added 2022/02/09 11:15 p.m.16 views

Out-of-bounds

A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

5CVSS7.7AI score0.18178EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/09 11:15 p.m.15 views

Stack overflow

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020...

7.5CVSS9.8AI score0.44559EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/02/09 11:15 p.m.19 views

Authorization

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

5CVSS7.4AI score0.01206EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/02/09 11:15 p.m.19 views

Integer overflow

A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Serv...

7.5CVSS9.6AI score0.02227EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/09 11:15 p.m.21 views

Design/Logic Flaw

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends...

7.5CVSS9.6AI score0.03505EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/02/09 11:15 p.m.14 views

Out-of-bounds

A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

5CVSS7.4AI score0.19255EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder