Out-of-Bounds Write Vulnerability in IGSS Definition by Schneider Electric
CVE-2020-7551

7.8HIGH

Key Information:

Vendor: Schneider Electric
Status: Igss Definition (def.exe) Version 14.0.0.20247
Vendor: CVE Published:; 19 November 2020

Summary

An Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247. This flaw can enable an attacker to execute arbitrary code remotely by importing a malicious Configuration Group File (CGF) into the IGSS Definition system.

Affected Version(s)

IGSS Definition (Def.exe) version 14.0.0.20247 IGSS Definition (Def.exe) version 14.0.0.20247

References

https://www.se.com/ww/en/download/document/SEVD-2020-315-03/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2020
Vulnerability Reserved
Jan 21, 2020