Buffer Overflow Vulnerability in IGSS Data Server by Schneider Electric
CVE-2022-32525

9.8CRITICAL

Key Information:

Vendor
CVE Published:
30 January 2023

Summary

A vulnerability in the IGSS Data Server software allows attackers to exploit a flaw related to buffer copying, potentially leading to a stack-based buffer overflow. By sending specially crafted alarm data messages, an attacker could execute arbitrary remote code on affected systems running versions prior to V15.0.0.22170. This flaw poses significant risks to the integrity and confidentiality of the systems utilizing this software.

Affected Version(s)

IGSS Data Server (IGSSdataServer.exe) All

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.