Buffer Overflow Vulnerability in IGSS Data Server by Schneider Electric
CVE-2022-32525
9.8CRITICAL
Key Information:
- Vendor
- Schneider Electric
- Vendor
- CVE Published:
- 30 January 2023
Summary
A vulnerability in the IGSS Data Server software allows attackers to exploit a flaw related to buffer copying, potentially leading to a stack-based buffer overflow. By sending specially crafted alarm data messages, an attacker could execute arbitrary remote code on affected systems running versions prior to V15.0.0.22170. This flaw poses significant risks to the integrity and confidentiality of the systems utilizing this software.
Affected Version(s)
IGSS Data Server (IGSSdataServer.exe) All
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved