Improper Pathname Limitation in Interactive Graphical SCADA System by Schneider Electric
CVE-2022-24312
9.8CRITICAL
Key Information:
- Vendor
Schneider Electric
- Vendor
- CVE Published:
- 9 February 2022
What is CVE-2022-24312?
The vulnerability allows an attacker to potentially modify existing files or create new ones within the context of the Data Server by sending specially crafted messages. This exploitation can lead to significant security risks, including remote code execution, posing a threat to the integrity and reliability of the interactive graphical SCADA systems.
Affected Version(s)
Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)