CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22824
https://notcve.org/view.php?id=CVE-2021-22824
11 Feb 2022 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) Una CWE-120: Se presenta una vulnerabilidad de Copia del Búfer sin Comprobar el Tamaño de la Entrada que podría resultar en una denegación de servicio, debido a una falta de comprobación de la... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2021-22823
https://notcve.org/view.php?id=CVE-2021-22823
11 Feb 2022 — A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) Una CWE-306: Se presenta una vulnerabilidad de Falta de Autenticación para una Función Crítica que podría causar el borrado de archivos arbitrarios en el contexto del usuario que ejecuta IGSS debido a... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 0CVE-2021-22802 – Schneider Electric IGSS Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22802
14 Oct 2021 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Una CWE-120: Se presenta una vulnerabilidad de Copia del búfer sin Comprobar el Tamaño de la Entrada que podría resultar en una ejecución de código remota debido a una falta de comproba... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-22803 – Schneider Electric IGSS Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22803
14 Oct 2021 — A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Una CWE-434: Se presenta una vulnerabilidad de Carga no Restringida de Archivos con Tipo Peligroso que podría conllevar a una ejecuc... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22804 – Schneider Electric IGSS dc.exe Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-22804
14 Oct 2021 — A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido que podría causar la divulgación... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22805 – Schneider Electric IGSS Missing Authentication Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2021-22805
14 Oct 2021 — A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Una CWE-306: Se presenta una vulnerabilidad de Falta de Autenticación para una Función Crítica que podría causar el borrado de archivos arbitrarios en el contexto del usuario que ejecuta IGSS, debido ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03 • CWE-306: Missing Authentication for Critical Function •