CVE-2020-7550 – Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7550
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
References:
https://www.se.com/ww/en/download/document/SEVD-2020-315-03
https://www.zerodayinitiative.com/advisories/ZDI-21-092
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-7479 – Schneider Electric IGSS IGSSupdateservice Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-7479
A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalated privileges when sending local network commands to the IGSS Update Service.
This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IGSSupdateservice service, which listens on TCP port 12414 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.
References:
https://www.se.com/ww/en/download/document/SEVD-2020-070-01
https://www.zerodayinitiative.com/advisories/ZDI-20-370
CWE-306: Missing Authentication for Critical Function
CVE-2020-7478 – Schneider Electric IGSS IGSSupdateservice Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-7478
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSupdateservice service, which listens on TCP port 12414 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.
References:
https://www.se.com/ww/en/download/document/SEVD-2020-070-01
https://www.zerodayinitiative.com/advisories/ZDI-20-371
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-6827 – Schneider Electric IGSS MDB Database BaseUnits UnitIdx Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6827
A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the use of the UnitIdx data in the BaseUnits table. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer.
References:
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-02
https://www.zerodayinitiative.com/advisories/ZDI-19-671
CWE-787: Out-of-bounds Write
CVE-2017-9967
https://notcve.org/view.php?id=CVE-2017-9967
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) were not properly configured, resulting in weak security.
References:
http://www.securityfocus.com/bid/103022
https://www.schneider-electric.com/en/download/document/SEVD-2018-037-01