Vulnerabilities > CVE-2022-32522 - Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

critical

NVD

Published: 2023-01-30

Updated: 2024-11-21

Summary

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Interactive Graphical Scada System 9.0 Schneider Electric Interactive Graphical Scada System 10.0 Schneider Electric Interactive Graphical Scada System 12.0 Schneider Electric Interactive Graphical Scada System 13.0 Schneider Electric Interactive Graphical Scada System 13.0.0.19140 Schneider Electric Interactive Graphical Scada System 14.0 Schneider Electric Interactive Graphical Scada System 14.0.0.19120 Schneider Electric Interactive Graphical Scada System 14.0.0.20009 Schneider Electric Interactive Graphical Scada System 14.0.0.20247 Schneider Electric Interactive Graphical Scada System 15.0.0.22074	10

Summary

Vulnerable Configurations

References