VYPR

Interactive Graphical SCADA System

by Schneider Electric

CVEs (15)

  • CVE-2017-6033HigApr 7, 2017
    risk 0.51cvss 7.8epss 0.01

    A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in…

  • CVE-2013-0657Jan 21, 2013
    risk 0.05cvss epss 0.21

    Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.

  • CVE-2022-24313Feb 9, 2022
    risk 0.01cvss epss 0.45

    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data…

  • CVE-2021-22824Feb 11, 2022
    risk 0.00cvss epss 0.14

    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data…

  • CVE-2021-22823Feb 11, 2022
    risk 0.00cvss epss 0.21

    A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector…

  • CVE-2021-22805Feb 11, 2022
    risk 0.00cvss epss 0.01

    A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector…

  • CVE-2022-24317Feb 9, 2022
    risk 0.00cvss epss 0.01

    A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

  • CVE-2022-24316Feb 9, 2022
    risk 0.00cvss epss 0.01

    A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

  • CVE-2022-24315Feb 9, 2022
    risk 0.00cvss epss 0.19

    A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

  • CVE-2022-24314Feb 9, 2022
    risk 0.00cvss epss 0.18

    A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

  • CVE-2022-24312Feb 9, 2022
    risk 0.00cvss epss 0.03

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an…

  • CVE-2022-24311Feb 9, 2022
    risk 0.00cvss epss 0.03

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when…

  • CVE-2022-24310Feb 9, 2022
    risk 0.00cvss epss 0.02

    A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical…

  • CVE-2021-22710Mar 11, 2021
    risk 0.00cvss epss 0.02

    A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File)…

  • CVE-2021-22711Mar 11, 2021
    risk 0.00cvss epss 0.01

    A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF…