CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9967
https://notcve.org/view.php?id=CVE-2017-9967
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security. Existe una vulnerabilidad de configuración de seguridad errónea en Schneider Electric's IGSS SCADA Software, en versiones 12 y anteriores. Las opciones de configuración de seguridad como Address Space Layout Randomization (ASLR) y Data Execution Prevention (DEP) no se configuraron correctamente, lo que resultaba en una seguridad débil. • http://www.securityfocus.com/bid/103022 https://www.schneider-electric.com/en/download/document/SEVD-2018-037-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6033
https://notcve.org/view.php?id=CVE-2017-6033
A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path. Se ha descubierto un problema de secuestro de DLL en el software Schneider Electric Interactive Graphical SCADA System (IGSS), versión 12 y versiones anteriores. El software ejecutará un archivo malicioso si se le asigna el mismo nombre que un archivo legítimo y se coloca en una ubicación anterior a la ruta de búsqueda. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-01 http://www.securityfocus.com/bid/97389 https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 70%CPEs: 2EXPL: 2CVE-2013-0657 – 7-Technologies IGSS 9 - Data Server/Collector Packet Handling
https://notcve.org/view.php?id=CVE-2013-0657
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol. Desbordamiento de búfer basado en pila en Scheneider Electric Interactive Graphical SCADA System (IGSS) v10 y anteriores que permite a atacantes remotos ejecutar código arbitrario enviando datos por el puerto TCP 12397 que no cumplen con el protocolo. SEIG SCADA System version 9 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/17352 https://www.exploit-db.com/exploits/45218 http://igss.schneider-electric.com/igss/igssupdates/v100/progupdatesv100.zip http://igss.schneider-electric.com/igss/igssupdates/v90/progupdatesv90.zip http://www.us-cert.gov/control_systems/pdf/ICSA-13-018-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •