Vulnerabilities > Schneider Electric > Interactive Graphical Scada System > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-14 | CVE-2023-4516 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content. | 7.8 |
2020-03-23 | CVE-2020-7479 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System 14.0/14.0.0.19120 A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service. | 7.8 |
2020-03-23 | CVE-2020-7478 | Path Traversal vulnerability in Schneider-Electric Interactive Graphical Scada System 14.0/14.0.0.19120 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled. | 7.5 |
2019-07-15 | CVE-2019-6827 | Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated. | 7.8 |