Vulnerabilities > Schneider Electric > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2021-22804 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector. A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. | 7.5 |
2022-02-11 | CVE-2021-22806 | Unspecified vulnerability in Schneider-Electric products. A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. | 7.5 |
2022-02-11 | CVE-2021-22824 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector. A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. | 7.5 |
2022-02-09 | CVE-2021-22817 | Incorrect Default Permissions vulnerability in Schneider-Electric products. A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. | 7.8 |
2022-02-09 | CVE-2022-22807 | Unspecified vulnerability in Schneider-Electric products. A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. | 7.4 |
2022-02-09 | CVE-2022-22808 | Unspecified vulnerability in Schneider-Electric products. A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. | 8.8 |
2022-02-09 | CVE-2022-22811 | Unspecified vulnerability in Schneider-Electric products. A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system's configurations when an attacker persuades a user to visit a rogue website. | 8.1 |
2022-02-09 | CVE-2022-24314 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server. A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. | 7.5 |
2022-02-09 | CVE-2022-24315 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server. A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. | 7.5 |
2022-02-09 | CVE-2022-24316 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server. A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. | 7.5 |