← Back

Interactive Graphical Scada System Data Collector

interactive_graphical_scada_system_data_collector

Vendor: Schneider Electric • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-22824
1Schneider Electric
1Interactive Graphical Scada System Data Collector
Nov 21, 2024
Feb 11, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Aff...Show more
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)Show less
CVE-2021-22823
1Schneider Electric
1Interactive Graphical Scada System Data Collector
Nov 21, 2024
Feb 11, 2022
N/A· v4
9.1 CRITICAL· v3
5.0 MEDIUM· v2
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Pr...Show more
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)Show less
CVE-2021-22805
1Schneider Electric
1Interactive Graphical Scada System Data Collector
Nov 21, 2024
Feb 11, 2022
N/A· v4
9.1 CRITICAL· v3
5.0 MEDIUM· v2
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Pr...Show more
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)Show less
CVE-2021-22804
1Schneider Electric
1Interactive Graphical Scada System Data Collector
Nov 21, 2024
Feb 11, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of u...Show more
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)Show less
CVE-2021-22803
1Schneider Electric
1Interactive Graphical Scada System Data Collector
Nov 21, 2024
Feb 11, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC...Show more
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)Show less
CVE-2021-22802
1Schneider Electric
1Interactive Graphical Scada System Data Collector
Nov 21, 2024
Feb 11, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the netwo...Show more
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)Show less