CVE-2021-22753 – Schneider Electric IGSS WSP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22753
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition. Un CWE-125: Se presenta una vulnerabilidad de lectura fuera de límites en IGSS Definition (Def.exe) versiones V15.0.0.21140 y anteriores, que podría resultar en la pérdida de datos o una ejecución de código remota debido a una falta de comprobaciones de longitud, cuando un archivo WSP malicioso está siendo analizado por IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01 • CWE-125: Out-of-bounds Read •
CVE-2021-22752 – Schneider Electric IGSS WSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22752
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition. Un CWE-787: Se presenta una vulnerabilidad de escritura fuera de límites en IGSS Definition (Def.exe) versiones V15.0.0.21140 y anteriores, que podría resultar en la pérdida de datos o una ejecución de código remota debido a una falta de comprobaciones de tamaño, cuando un archivo WSP (espacio de trabajo) malicioso está siendo analizado por IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01 • CWE-787: Out-of-bounds Write •
CVE-2021-22762 – Schneider Electric IGSS WSP and CGF File Parsing Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22762
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition. Un CWE-22: Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido en IGSS Definition (Def.exe) versiones V15.0.0.21140 y anteriores, que podría resultar en una ejecución de código remota, cuando un archivo CGF o WSP malicioso está siendo analizado por IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WSP and CGF files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-22750 – Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22750
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition. Un CWE-787: Se presenta una vulnerabilidad de escritura fuera de límites en IGSS Definition (Def.exe) versiones V15.0.0.21041 y anteriores que podría resultar en la pérdida de datos o una ejecución de código remota debido a una falta de comprobaciones de longitud, cuando es importado un archivo CGF malicioso a IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01 • CWE-787: Out-of-bounds Write •
CVE-2021-22711 – Schneider Electric IGSS CGF File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22711
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to missing validation of input data. Una CWE-119: se presenta una vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de Memoria en Interactive Graphical SCADA System (IGSS) Definition (Def.exe) versiones V15.0.0.21041 y anteriores, que podría resultar en condiciones de lectura o escritura arbitrarias cuando un archivo CGF (Configuration Group File) malicioso es importado para IGSS Definition debido a una falta de comprobación de los datos de entrada This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 https://www.se.com/ww/en/download/document/SEVD-2021-068-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •