Lucene search
+L

7 matches found

NVD
NVD
added 2022/02/11 6:15 p.m.27 views

CVE-2021-22805

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...

9.1CVSS0.0085EPSS
Exploits0References1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Design/Logic Flaw

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

5CVSS7.4AI score0.14241EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Remote code execution

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

7.5CVSS9.6AI score0.20165EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.19 views

Design/Logic Flaw

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...

5CVSS7.4AI score0.01294EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.31 views

CVE-2021-22824

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

7.7AI score0.14241EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.16 views

CVE-2021-22804

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...

7.5AI score0.01294EPSS
Exploits0References1
CVE
CVE
added 2022/02/11 5:40 p.m.76 views

CVE-2021-22802

Schneider Electric IGSS Data Collector (dc.exe), affected in IGSS v15.0.0.21243 and earlier, is vulnerable to a CWE-120 buffer overflow due to missing length checks on user-supplied data while processing a network-constructed message. This can lead to remote code execution with the dc.exe process...

9.8CVSS9.6AI score0.20165EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder