Vulnerabilities > CVE-2021-22755 - Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

schneider-electric

CWE-787

NVD

Published: 2021-06-11

Updated: 2021-06-15

Summary

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Interactive Graphical Scada System 9.0 Schneider Electric Interactive Graphical Scada System 10.0 Schneider Electric Interactive Graphical Scada System 12.0 Schneider Electric Interactive Graphical Scada System 13.0 Schneider Electric Interactive Graphical Scada System 13.0.0.19140 Schneider Electric Interactive Graphical Scada System 14.0 Schneider Electric Interactive Graphical Scada System 14.0.0.19120 Schneider Electric Interactive Graphical Scada System 14.0.0.20009 Schneider Electric Interactive Graphical Scada System 14.0.0.20247	9

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01