Vulnerabilities > CVE-2021-22823 - Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

critical

NVD

Published: 2022-02-11

Updated: 2024-11-21

Summary

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Interactive Graphical Scada System Data Collector *	1

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01