268 matches found
The vulnerability of the Data Server database in the interactive graphical SCADA system, allowing a intruder to execute arbitrary code.
The vulnerability of the Data Server database in the Interactive Graphical SCADA System IGSS involves copying buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted messages...
Schneider Electric IGSS Data Server Buffer Overflow Vulnerability
Schneider Electric IGSS Data Server is a data server for the Interactive Graphics Scada system from Schneider Electric France. prior to Schneider Electric IGSS Data Server version 15.0.0.22074 A buffer overflow vulnerability exists, which stems from the presence of a boundary error in the...
Schneider Electric IGSS Data Server alarm data buffer overflow vulnerability
The Schneider Electric Igss Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. A buffer overflow vulnerability exists in Schneider Electric IGSS Data Server versions prior to 15.0.0.22140, which stems from a boundary error when processing...
A binary vulnerability exists in IGSS (Interactive Graphical SCADA System)
IGSS Interactive Graphical SCADA System is an industrial control SCADA system from Schneider, which is used in various fields such as power, wastewater treatment, manufacturing, etc. A binary vulnerability exists in IGSS Interactive Graphical SCADA System, which can be exploited by attackers to...
Schneider Electric Interactive Graphical Scada System Integer Overflow Vulnerability
The Schneider Electric Interactive Graphical Scada System Igss is a Scada system for monitoring and controlling industrial processes from Schneider Electric, France. The Schneider Electric Interactive Graphical Scada System has an integer overflow vulnerability that can be exploited by an attacke...
Schneider Electric Interactive Graphical SCADA System Initialization Error Vulnerability
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An initialization error vulnerability exists in the Schneider Electric Interactive Graphical...
Schneider Electric Interactive Graphical SCADA System Path Traversal Vulnerability (CNVD-2022-13068)
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. A path traversal vulnerability exists in the Schneider Electric Interactive Graphical SCADA...
Schneider Electric Interactive Graphical Scada System Out-of-Bounds Read Vulnerability (CNVD-2022-13070)
The Schneider Electric Interactive Graphical Scada System is a Scada system for monitoring industrial processes from Schneider Electric, France. An out-of-bounds read vulnerability exists in the Schneider Electric Interactive Graphical Scada System, which can be exploited by an attacker to cause ...
CVE-2021-22805
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...
CVE-2021-22803
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...
CVE-2021-22805
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...
CVE-2021-22824
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...
CVE-2021-22804
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...
CVE-2021-22802
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...
Remote code execution
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...
Design/Logic Flaw
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...
Design/Logic Flaw
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...
Design/Logic Flaw
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...
CVE-2021-22824
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...