CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6033
https://notcve.org/view.php?id=CVE-2017-6033
A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path. Se ha descubierto un problema de secuestro de DLL en el software Schneider Electric Interactive Graphical SCADA System (IGSS), versión 12 y versiones anteriores. El software ejecutará un archivo malicioso si se le asigna el mismo nombre que un archivo legítimo y se coloca en una ubicación anterior a la ruta de búsqueda. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-01 http://www.securityfocus.com/bid/97389 https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 65%CPEs: 2EXPL: 2CVE-2013-0657 – 7-Technologies IGSS 9 - Data Server/Collector Packet Handling
https://notcve.org/view.php?id=CVE-2013-0657
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol. Desbordamiento de búfer basado en pila en Scheneider Electric Interactive Graphical SCADA System (IGSS) v10 y anteriores que permite a atacantes remotos ejecutar código arbitrario enviando datos por el puerto TCP 12397 que no cumplen con el protocolo. SEIG SCADA System version 9 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/17352 https://www.exploit-db.com/exploits/45218 http://igss.schneider-electric.com/igss/igssupdates/v100/progupdatesv100.zip http://igss.schneider-electric.com/igss/igssupdates/v90/progupdatesv90.zip http://www.us-cert.gov/control_systems/pdf/ICSA-13-018-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •