Buffer Overflow Vulnerability in Schneider Electric's Interactive Graphical SCADA System
CVE-2021-22824

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Interactive Graphical Scada System Data Collector (dc.exe) (v15.0.0.21320 And Prior)
Vendor: CVE Published:; 11 February 2022

Summary

A vulnerability exists in Schneider Electric's Interactive Graphical SCADA System Data Collector that arises from a buffer overflow due to inadequate length checking on user-supplied data in messages received over the network. This flaw could be exploited to cause a denial of service, resulting in service interruptions. Users are urged to review the affected versions and apply any available patches to mitigate this vulnerability.

Affected Version(s)

Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2022
Vulnerability Reserved
Jan 6, 2021