Out-of-bounds Write vulnerability in Schneider Electric's Interactive Graphical SCADA System
CVE-2019-6827

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Interactive Graphical Scada System (igss) Version 14 And Prior
Vendor: CVE Published:; 15 July 2019

Summary

An out-of-bounds write vulnerability exists in Schneider Electric's Interactive Graphical SCADA System, affecting Version 14 and earlier. This vulnerability can be exploited by manipulating data in the mdb database, potentially leading to a software crash. Organizations using affected versions are advised to assess their security posture and apply relevant updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Interactive Graphical SCADA System (IGSS) Version 14 and prior Interactive Graphical SCADA System (IGSS) Version 14 and prior

References

https://www.schneider-electric.com/ww/en/download/documen...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-19-671/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2019
Vulnerability Reserved
Jan 25, 2019