CVE-2022-24313

Published: Feb 9, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

Affected (1)

Products: Schneider Electric: Interactive Graphical Scada System Data Server

Schneider Electric

1 product

Interactive Graphical Scada System Data Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Interactive Graphical Scada System Data Server	Up to 15.0.0.22020

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01

Source: cybersecurity@se.com

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-325/

Source: cybersecurity@se.com

PatchThird Party Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-325/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.