CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4516
https://notcve.org/view.php?id=CVE-2023-4516
14 Sep 2023 — A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content. Existe una vulnerabilidad "CWE-306: Autenticación Faltante para Funciones Críticas" en el servicio de actualización IGSS que podría permitir a un atacante local cambiar la fuente de actualización, lo que podría provocar la ejecución remota ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-255-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-255-01.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2022-2329
https://notcve.org/view.php?id=CVE-2022-2329
01 Feb 2023 — A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-102-01_IGSS_Security_Notification_V2.0.pdf • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2022-24324
https://notcve.org/view.php?id=CVE-2022-24324
01 Feb 2023 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073) • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-102-01_IGSS_Security_Notification_V2.0.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2022-32526
https://notcve.org/view.php?id=CVE-2022-32526
30 Jan 2023 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) Existe una vulnerabilidad CWE-120: copia del búfer sin comprobar el tamaño de la entrada que podría provocar un desbordamiento de búfer en la región stack de la memoria, lo que podría prov... • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2022-32529
https://notcve.org/view.php?id=CVE-2022-32529
30 Jan 2023 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) Existe una vulnerabilidad CWE-120: copia del búfer sin comprobar el tamaño de la entrada que podría provocar un desbordamiento de búfer en la región stack de la memoria, lo que podría p... • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32528
https://notcve.org/view.php?id=CVE-2022-32528
30 Jan 2023 — A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGS... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-165-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2022-32522
https://notcve.org/view.php?id=CVE-2022-32522
30 Jan 2023 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) Existe una vulnerabilidad CWE-120: copia del búfer sin comprobar el tamaño de la entrada que podría causar un desbordamiento de búfer en la región stack de la memoria... • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2022-32524
https://notcve.org/view.php?id=CVE-2022-32524
30 Jan 2023 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) Existe una vulnerabilidad CWE-120: copia del búfer sin comprobar el tamaño de la entrada que podría causar un desbordamiento de búfer en la región stack de la memoria, lo que podría co... • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2022-32525
https://notcve.org/view.php?id=CVE-2022-32525
30 Jan 2023 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) Existe una vulnerabilidad CWE-120: copia del búfer sin comprobar el tamaño de la entrada que podría provocar un desbordamiento de búfer en la región stack de la memoria, lo que podría provoca... • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2022-32527
https://notcve.org/view.php?id=CVE-2022-32527
30 Jan 2023 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) Existe una vulnerabilidad CWE-120: copia del búfer sin comprobar el tamaño de la entrada que podría causar un desbordamiento de búfer en la región stack de la memoria, lo que podría con... • https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •