Vulnerabilities > Schneider Electric > Interactive Graphical Scada System Data Collector > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2021-22823 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. | 9.1 |
| 2022-02-11 | CVE-2021-22805 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. | 9.1 |
| 2022-02-11 | CVE-2021-22803 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. | 9.8 |
| 2022-02-11 | CVE-2021-22802 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. | 9.8 |