CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7551 – Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7551
A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. Se presenta una vulnerabilidad de Escritura Fuera de Límites CWE-787 en IGSS Definition (Def.exe) versión 14.0.0.20247 que podría causar una Ejecución de Código Remota cuando se importa un archivo CGF (Configuration Group File) malicioso en IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.se.com/ww/en/download/document/SEVD-2020-315-03 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7550 – Schneider Electric IGSS CGF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7550
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. Se presenta una vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de Memoria CWE-119 en IGSS Definition (Def.exe) versión 14.0.0.20247 y anteriores que podría causar una Ejecución de Código Remota cuando se importa un archivo CGF (Configuration Group File) malicioso a IGSS Definición This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.se.com/ww/en/download/document/SEVD-2020-315-03 https://www.zerodayinitiative.com/advisories/ZDI-21-092 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6827 – Schneider Electric IGSS MDB Database BaseUnits UnitIdx Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6827
A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated. Una CWE-787: Existe una vulnerabilidad de escritura fuera de límites en Interactive Graphical SCADA System (IGSS), versión 14 y anteriores, que podría causar un bloqueo del software cuando son manipulados los datos en la base de datos mdb. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within use of the UnitIdx data in the BaseUnits table. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-02 https://www.zerodayinitiative.com/advisories/ZDI-19-671 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9967
https://notcve.org/view.php?id=CVE-2017-9967
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security. Existe una vulnerabilidad de configuración de seguridad errónea en Schneider Electric's IGSS SCADA Software, en versiones 12 y anteriores. Las opciones de configuración de seguridad como Address Space Layout Randomization (ASLR) y Data Execution Prevention (DEP) no se configuraron correctamente, lo que resultaba en una seguridad débil. • http://www.securityfocus.com/bid/103022 https://www.schneider-electric.com/en/download/document/SEVD-2018-037-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6033
https://notcve.org/view.php?id=CVE-2017-6033
A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path. Se ha descubierto un problema de secuestro de DLL en el software Schneider Electric Interactive Graphical SCADA System (IGSS), versión 12 y versiones anteriores. El software ejecutará un archivo malicioso si se le asigna el mismo nombre que un archivo legítimo y se coloca en una ubicación anterior a la ruta de búsqueda. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-01 http://www.securityfocus.com/bid/97389 https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01 • CWE-427: Uncontrolled Search Path Element •