Vulnerabilities > CVE-2022-24311 - Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

critical

NVD

Published: 2022-02-09

Updated: 2024-11-21

Summary

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Interactive Graphical Scada System Data Server *	1

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01
https://www.zerodayinitiative.com/advisories/ZDI-22-320/
https://www.zerodayinitiative.com/advisories/ZDI-22-320/