Lucene search
+L

268 matches found

BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.6 views

The vulnerability of the Data Server database in the interactive graphical SCADA system, allowing a intruder to execute arbitrary code.

The vulnerability of the Data Server database in the Interactive Graphical SCADA System IGSS involves copying buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted messages...

10CVSS8.2AI score0.01258EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2022/06/24 12:0 a.m.16 views

Schneider Electric IGSS Data Server Buffer Overflow Vulnerability

Schneider Electric IGSS Data Server is a data server for the Interactive Graphics Scada system from Schneider Electric France. prior to Schneider Electric IGSS Data Server version 15.0.0.22074 A buffer overflow vulnerability exists, which stems from the presence of a boundary error in the...

9.8CVSS3.6AI score0.01204EPSS
Exploits0References1
CNVD
CNVD
added 2022/06/22 12:0 a.m.40 views

Schneider Electric IGSS Data Server alarm data buffer overflow vulnerability

The Schneider Electric Igss Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. A buffer overflow vulnerability exists in Schneider Electric IGSS Data Server versions prior to 15.0.0.22140, which stems from a boundary error when processing...

9.8CVSS8.1AI score0.01258EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/24 12:0 a.m.19 views

A binary vulnerability exists in IGSS (Interactive Graphical SCADA System)

IGSS Interactive Graphical SCADA System is an industrial control SCADA system from Schneider, which is used in various fields such as power, wastewater treatment, manufacturing, etc. A binary vulnerability exists in IGSS Interactive Graphical SCADA System, which can be exploited by attackers to...

3.5AI score
Exploits0
CNVD
CNVD
added 2022/02/18 12:0 a.m.25 views

Schneider Electric Interactive Graphical Scada System Integer Overflow Vulnerability

The Schneider Electric Interactive Graphical Scada System Igss is a Scada system for monitoring and controlling industrial processes from Schneider Electric, France. The Schneider Electric Interactive Graphical Scada System has an integer overflow vulnerability that can be exploited by an attacke...

9.8CVSS9.7AI score0.02227EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.27 views

Schneider Electric Interactive Graphical SCADA System Initialization Error Vulnerability

Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An initialization error vulnerability exists in the Schneider Electric Interactive Graphical...

7.5CVSS7.2AI score0.01273EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/13 12:0 a.m.23 views

Schneider Electric Interactive Graphical SCADA System Path Traversal Vulnerability (CNVD-2022-13068)

Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. A path traversal vulnerability exists in the Schneider Electric Interactive Graphical SCADA...

9.8CVSS9.7AI score0.03463EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/13 12:0 a.m.24 views

Schneider Electric Interactive Graphical Scada System Out-of-Bounds Read Vulnerability (CNVD-2022-13070)

The Schneider Electric Interactive Graphical Scada System is a Scada system for monitoring industrial processes from Schneider Electric, France. An out-of-bounds read vulnerability exists in the Schneider Electric Interactive Graphical Scada System, which can be exploited by an attacker to cause ...

7.5CVSS7.3AI score0.18178EPSS
Exploits0References1
NVD
NVD
added 2022/02/11 6:15 p.m.27 views

CVE-2021-22805

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...

9.1CVSS0.0085EPSS
Exploits0References1
NVD
NVD
added 2022/02/11 6:15 p.m.33 views

CVE-2021-22803

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...

9.8CVSS0.01943EPSS
Exploits0References1
OSV
OSV
added 2022/02/11 6:15 p.m.4 views

CVE-2021-22805

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...

9.1CVSS5.9AI score0.0085EPSS
Exploits0References1
NVD
NVD
added 2022/02/11 6:15 p.m.25 views

CVE-2021-22824

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

7.5CVSS0.14241EPSS
Exploits0References1
OSV
OSV
added 2022/02/11 6:15 p.m.5 views

CVE-2021-22804

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...

7.5CVSS5.9AI score0.01294EPSS
Exploits0References1
NVD
NVD
added 2022/02/11 6:15 p.m.21 views

CVE-2021-22802

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

9.8CVSS0.20165EPSS
Exploits0References1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Remote code execution

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

7.5CVSS9.6AI score0.20165EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Design/Logic Flaw

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

5CVSS7.4AI score0.14241EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.18 views

Design/Logic Flaw

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...

5CVSS7.4AI score0.01294EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Design/Logic Flaw

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...

7.5CVSS9.6AI score0.01943EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.13 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...

5CVSS9.1AI score0.21388EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.31 views

CVE-2021-22824

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

7.7AI score0.14241EPSS
Exploits0References1
Rows per page
Query Builder