CVE-2021-22711 – Schneider Electric IGSS CGF File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22711
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to missing validation of input data. Una CWE-119: se presenta una vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de Memoria en Interactive Graphical SCADA System (IGSS) Definition (Def.exe) versiones V15.0.0.21041 y anteriores, que podría resultar en condiciones de lectura o escritura arbitrarias cuando un archivo CGF (Configuration Group File) malicioso es importado para IGSS Definition debido a una falta de comprobación de los datos de entrada This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 https://www.se.com/ww/en/download/document/SEVD-2021-068-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-22712 – Schneider Electric IGSS CGF File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22712
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to an unchecked pointer address. Una CWE-119: se presenta una vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de Memoria en Interactive Graphical SCADA System (IGSS) Definition (Def.exe) versiones V15.0.0.21041 y anteriores, que podría resultar en condiciones de lectura o escritura arbitrarias cuando un archivo CGF (Configuration Group File) malicioso es importado a una IGSS Definition debido a una dirección de puntero no marcada This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 https://www.se.com/ww/en/download/document/SEVD-2021-068-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-22710 – Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22710
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. Una CWE-119: se presenta una vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de Memoria en Interactive Graphical SCADA System (IGSS) Definition (Def.exe) versiones V15.0.0.21041 y anteriores, que podría causar una ejecución de código remota cuando un archivo CGF (Configuration Group File) es importado para IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 https://www.se.com/ww/en/download/document/SEVD-2021-068-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-22709 – Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22709
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. Una CWE-119: se presenta una vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de Memoria en Interactive Graphical SCADA System (IGSS) Definition (Def.exe) versiones V15.0.0.21041 y anteriores, lo que podría resultar en la pérdida de datos o una ejecución de código remota cuando es importado un archivo CGF (Configuration Group File) malicioso para IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 https://www.se.com/ww/en/download/document/SEVD-2021-068-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-22701
https://notcve.org/view.php?id=CVE-2021-22701
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface. Una CWE-352: Se presenta una vulnerabilidad de tipo Cross-Site Request Forgery en PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 y PM800 (consulte la notificación para las versiones afectadas), que podría causar que un usuario lleve a cabo una acción no deseada en el dispositivo de destino cuando se usa la interfaz web HTTP • https://www.se.com/ww/en/download/document/SEVD-2021-040-01 • CWE-352: Cross-Site Request Forgery (CSRF) •