Release of Invalid Pointer Vulnerability in IGSS Definition by Schneider Electric
CVE-2021-22760

7.8HIGH

What is CVE-2021-22760?

A vulnerability exists in IGSS Definition (Def.exe) that could result in loss of data or remote code execution due to insufficient validation of user-supplied input data. When a malicious CGF file is imported, the lack of necessary checks can lead to unintended behavior within the application, exposing systems to potential threats.

Affected Version(s)

IGSS Definition (Def.exe) V15.0.0.21140 and prior IGSS Definition (Def.exe) V15.0.0.21140 and prior

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.