EUVD-2021-9937

Malicious code in bioql PyPI...

CVE-2021-22805

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...

CVE-2021-22805

Schneider Electric IGSS DC (dc.exe) up to v15.0.0.21243 is affected by CVE-2021-22805 (CWE-306) due to missing authentication for a critical function caused by lack of validation of network messages. This could allow a remote attacker to delete arbitrary files in the context of the running user. ...

CVE-2021-22802

Schneider Electric IGSS Data Collector (dc.exe), affected in IGSS v15.0.0.21243 and earlier, is vulnerable to a CWE-120 buffer overflow due to missing length checks on user-supplied data while processing a network-constructed message. This can lead to remote code execution with the dc.exe process...

CVE-2021-22803

Schneider Electric IGSS DC module (dc.exe, v15.0.0.21243 and prior) is affected by CVE-2021-22803: Unrestricted Upload of File with Dangerous Type, enabling remote code execution by writing arbitrary files to folders in the DC module context via network messages. Root cause: lack of validation du...

Schneider Electric IGSS dc.exe Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP traffic by the dc.exe process. The issue results...

Schneider Electric IGSS Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP traffic by the dc.exe process. The issue results from the...

7T Interactive Graphical SCADA System 'dc.exe' Command Injection Vulnerability

7T Interactive Graphical SCADA System is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Schneider Electric Interactive Graphical SCADA System Data Collector Overflow

Added: 02/11/2013 CVE: CVE-2013-0657 BID: 57449 OSVDB: 89324 Background Schneider Electric Interactive Graphical SCADA System IGSS is a supervisory control and data acquisition SCADA system designed to monitor and control industrial processes. The Data Collector DC.exe component listens on port...

CVE-2011-1566

CVE-2011-1566 affects 7-Technologies IGSS (Interactive Graphical SCADA System); dc.exe (v9.00.00.11059 and earlier) is vulnerable to a directory-traversal flaw that allows remote code execution via crafted opcodes 0xa and 0x17 sent to TCP port 12397. The issue enables arbitrary program execution ...