Vulnerabilities > CVE-2022-32528 - Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

schneider-electric

critical

NVD

Published: 2023-01-30

Updated: 2024-11-21

Summary

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Interactive Graphical Scada System 9.0 Schneider Electric Interactive Graphical Scada System 10.0 Schneider Electric Interactive Graphical Scada System 12.0 Schneider Electric Interactive Graphical Scada System 13.0 Schneider Electric Interactive Graphical Scada System 13.0.0.19140 Schneider Electric Interactive Graphical Scada System 14.0 Schneider Electric Interactive Graphical Scada System 14.0.0.19120 Schneider Electric Interactive Graphical Scada System 14.0.0.20009 Schneider Electric Interactive Graphical Scada System 14.0.0.20247 Schneider Electric Interactive Graphical Scada System 15.0.0.22074	10

Summary

Vulnerable Configurations

References