VYPR

IGSS

by Schneider Electric

CVEs (9)

  • CVE-2022-32526CriJan 30, 2023
    risk 0.64cvss 9.8epss 0.01

    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server -…

  • CVE-2022-32525CriJan 30, 2023
    risk 0.64cvss 9.8epss 0.01

    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server -…

  • CVE-2022-32524CriJan 30, 2023
    risk 0.64cvss 9.8epss 0.01

    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server -…

  • CVE-2022-32523CriJan 30, 2023
    risk 0.64cvss 9.8epss 0.01

    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server -…

  • CVE-2022-32522CriJan 30, 2023
    risk 0.64cvss 9.8epss 0.01

    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS…

  • CVE-2020-7555HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.02

    A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7554HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.02

    A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7479HigMar 23, 2020
    risk 0.51cvss 7.8epss 0.01

    A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the…

  • CVE-2020-7478HigMar 23, 2020
    risk 0.49cvss 7.5epss 0.04

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network…