Remote Code Execution Vulnerability in Schneider Electric Interactive Graphical SCADA System
CVE-2021-22802

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Interactive Graphical Scada System Data Collector (dc.exe) (v15.0.0.21243 And Prior)
Vendor: CVE Published:; 11 February 2022

Summary

A vulnerability has been identified in Schneider Electric's Interactive Graphical SCADA System, specifically in the Data Collector (dc.exe). This flaw allows for remote code execution due to a missing length check on user-supplied data when a crafted message is received over the network. Malicious actors could exploit this weakness, potentially leading to unauthorized system access and manipulation.

Affected Version(s)

Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2022
Vulnerability Reserved
Jan 6, 2021