Improper Memory Buffer Operation in Schneider Electric IGSS Definition
CVE-2021-22712

7.8HIGH

Key Information:

Vendor

Schneider Electric
Status
Interactive Graphical Scada System (igss) Definition (def.exe) V15.0.0.21041 And Prior
Vendor
CVE Published:
11 March 2021

What is CVE-2021-22712?

A critical vulnerability exists in Schneider Electric's Interactive Graphical SCADA System (IGSS) Definition, allowing for arbitrary read and write operations. This issue arises from an unchecked pointer address when importing malicious Configuration Group File (CGF) files. Consequently, attackers may exploit this weakness to manipulate data and potentially compromise system integrity, emphasizing the need for prompt mitigations and security updates.

Affected Version(s)

Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior

References

https://www.se.com/ww/en/download/document/SEVD-2021-068-01
x_refsource_MISC
https://download.schneider-electric.com/files?p_Doc_Ref=S...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.