cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-22824,https://securityvulnerability.io/vulnerability/CVE-2021-22824,Buffer Overflow Vulnerability in Schneider Electric's Interactive Graphical SCADA System,"A vulnerability exists in Schneider Electric's Interactive Graphical SCADA System Data Collector that arises from a buffer overflow due to inadequate length checking on user-supplied data in messages received over the network. This flaw could be exploited to cause a denial of service, resulting in service interruptions. Users are urged to review the affected versions and apply any available patches to mitigate this vulnerability.",Schneider Electric,Interactive Graphical Scada System Data Collector (dc.exe) (v15.0.0.21320 And Prior),7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-02-11T17:40:40.000Z,0
CVE-2021-22823,https://securityvulnerability.io/vulnerability/CVE-2021-22823,Missing Authentication Vulnerability in Interactive Graphical SCADA System by Schneider Electric,"A vulnerability in Schneider Electric's Interactive Graphical SCADA System could allow an unauthorized user to delete arbitrary files by exploiting a lack of proper authentication for critical functions. This vulnerability arises due to insufficient validation of network messages, enabling potential misuse by malicious actors, particularly affecting users running the Data Collector (dc.exe) in versions V15.0.0.21320 and earlier.",Schneider Electric,Interactive Graphical Scada System Data Collector (dc.exe) (v15.0.0.21320 And Prior),9.1,CRITICAL,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-02-11T17:40:39.000Z,0
CVE-2021-22805,https://securityvulnerability.io/vulnerability/CVE-2021-22805,Missing Authentication Vulnerability in Schneider Electric's Interactive Graphical SCADA System,"A vulnerability exists in Schneider Electric's Interactive Graphical SCADA System Data Collector due to insufficient validation of network messages. This could allow attackers to exploit the vulnerability, leading to the unauthorized deletion of arbitrary files in the context of the user running the application. Organizations utilizing this software version need to take proactive measures to secure their systems against potential threats.",Schneider Electric,Interactive Graphical Scada System Data Collector (dc.exe) (v15.0.0.21243 And Prior),9.1,CRITICAL,0.002240000059828162,false,,false,false,false,,,false,false,,2022-02-11T17:40:38.000Z,0
CVE-2021-22804,https://securityvulnerability.io/vulnerability/CVE-2021-22804,Improper Limitation of Pathname in Interactive Graphical SCADA System by Schneider Electric,"A vulnerability exists in Schneider Electric's Interactive Graphical SCADA System due to improper validation of user-supplied data in network messages. This oversight could enable an attacker to access and read arbitrary files in the context of the user executing the system. The issue affects versions prior to V15.0.0.21243, posing a potential risk for unauthorized data disclosure.",Schneider Electric,Interactive Graphical Scada System Data Collector (dc.exe) (v15.0.0.21243 And Prior),7.5,HIGH,0.01867000013589859,false,,false,false,false,,,false,false,,2022-02-11T17:40:37.000Z,0
CVE-2021-22802,https://securityvulnerability.io/vulnerability/CVE-2021-22802,Remote Code Execution Vulnerability in Schneider Electric Interactive Graphical SCADA System,"A vulnerability has been identified in Schneider Electric's Interactive Graphical SCADA System, specifically in the Data Collector (dc.exe). This flaw allows for remote code execution due to a missing length check on user-supplied data when a crafted message is received over the network. Malicious actors could exploit this weakness, potentially leading to unauthorized system access and manipulation.",Schneider Electric,Interactive Graphical Scada System Data Collector (dc.exe) (v15.0.0.21243 And Prior),9.8,CRITICAL,0.014630000106990337,false,,false,false,false,,,false,false,,2022-02-11T17:40:36.000Z,0
CVE-2021-22803,https://securityvulnerability.io/vulnerability/CVE-2021-22803,Unrestricted File Upload Vulnerability in Schneider Electric's Data Collector,"A vulnerability exists in Schneider Electric's Interactive Graphical SCADA System Data Collector that allows an attacker to upload arbitrary files, potentially leading to remote code execution. This occurs when crafted messages are sent over the network, enabling the manipulation of file permissions in vulnerable directories associated with the DC module. Users are encouraged to review their systems and implement appropriate security measures to mitigate this risk.",Schneider Electric,Interactive Graphical Scada System Data Collector (dc.exe) (v15.0.0.21243 And Prior),9.8,CRITICAL,0.014770000241696835,false,,false,false,false,,,false,false,,2022-02-11T17:40:36.000Z,0
CVE-2022-24317,https://securityvulnerability.io/vulnerability/CVE-2022-24317,Missing Authorization Vulnerability in Schneider Electric's Interactive Graphical SCADA System,"A vulnerability exists in Schneider Electric's Interactive Graphical SCADA System Data Server that allows attackers to exploit missing authorization controls. This could enable unauthorized users to send specific messages, potentially leading to unauthorized access to sensitive information. Organizations using versions prior to V15.0.0.22020 should take immediate action to mitigate this risk and ensure the integrity of their systems.",Schneider Electric,Interactive Graphical Scada System Data Server (v15.0.0.22020 And Prior),7.5,HIGH,0.0041600000113248825,false,,false,false,false,,,false,false,,2022-02-09T22:05:03.000Z,0
CVE-2022-24316,https://securityvulnerability.io/vulnerability/CVE-2022-24316,Improper Initialization Vulnerability in Interactive Graphical SCADA System Data Server by Schneider Electric,"An improper initialization vulnerability exists in Schneider Electric's Interactive Graphical SCADA System Data Server. This issue can lead to information exposure, allowing attackers to exploit it by sending specially crafted messages. Users of versions V15.0.0.22020 and earlier are particularly at risk. It is critical to apply available patches and updates to safeguard against potential attacks.",Schneider Electric,Interactive Graphical Scada System Data Server (v15.0.0.22020 And Prior),7.5,HIGH,0.0041600000113248825,false,,false,false,false,,,false,false,,2022-02-09T22:05:02.000Z,0
CVE-2022-24315,https://securityvulnerability.io/vulnerability/CVE-2022-24315,Out-of-bounds Read Vulnerability in Schneider Electric Interactive Graphical SCADA System,"A vulnerability exists in the Interactive Graphical SCADA System Data Server that allows an attacker to exploit an out-of-bounds read issue. This could be triggered by sending specially crafted messages, which may lead to denial of service. The affected versions include V15.0.0.22020 and earlier, posing risks to operational integrity and service availability for users.",Schneider Electric,Interactive Graphical Scada System Data Server (v15.0.0.22020 And Prior),7.5,HIGH,0.0034199999645352364,false,,false,false,false,,,false,false,,2022-02-09T22:05:01.000Z,0
CVE-2022-24314,https://securityvulnerability.io/vulnerability/CVE-2022-24314,Out-of-bounds Read Vulnerability in Schneider Electric's Interactive Graphical SCADA System,"An out-of-bounds read vulnerability exists in Schneider Electric's Interactive Graphical SCADA System that can be exploited when an attacker sends specifically crafted messages. This could lead to memory leaks and potentially result in a denial of service, affecting the system's stability and availability.",Schneider Electric,Interactive Graphical Scada System Data Server (v15.0.0.22020 And Prior),7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-02-09T22:05:00.000Z,0
CVE-2022-24313,https://securityvulnerability.io/vulnerability/CVE-2022-24313,Buffer Overflow Vulnerability in Schneider Electric's Interactive Graphical SCADA System,"A vulnerability exists in Schneider Electric's Interactive Graphical SCADA System Data Server that allows for a buffer overflow due to improper validation of input size. An attacker can exploit this flaw by sending a specially crafted message, potentially leading to remote code execution on the affected server. This issue emphasizes the importance of secure coding practices to prevent similar vulnerabilities.",Schneider Electric,Interactive Graphical Scada System Data Server (v15.0.0.22020 And Prior),9.8,CRITICAL,0.023089999333024025,false,,false,false,false,,,false,false,,2022-02-09T22:04:59.000Z,0
CVE-2022-24312,https://securityvulnerability.io/vulnerability/CVE-2022-24312,Improper Pathname Limitation in Interactive Graphical SCADA System by Schneider Electric,"The vulnerability allows an attacker to potentially modify existing files or create new ones within the context of the Data Server by sending specially crafted messages. This exploitation can lead to significant security risks, including remote code execution, posing a threat to the integrity and reliability of the interactive graphical SCADA systems.",Schneider Electric,Interactive Graphical Scada System Data Server (v15.0.0.22020 And Prior),9.8,CRITICAL,0.006810000166296959,false,,false,false,false,,,false,false,,2022-02-09T22:04:58.000Z,0
CVE-2022-24311,https://securityvulnerability.io/vulnerability/CVE-2022-24311,Improper Pathname Limitation in Schneider Electric Interactive Graphical SCADA System,"A vulnerability exists in the Interactive Graphical SCADA System Data Server due to improper limitation of a pathname to a restricted directory. This issue allows an attacker to potentially modify existing files by inserting data at the beginning or creating new files through specially crafted messages. If exploited, this flaw could lead to remote code execution, posing significant risks to the integrity and security of the system.",Schneider Electric,Interactive Graphical Scada System Data Server (v15.0.0.22020 And Prior),9.8,CRITICAL,0.006810000166296959,false,,false,false,false,,,false,false,,2022-02-09T22:04:58.000Z,0
CVE-2022-24310,https://securityvulnerability.io/vulnerability/CVE-2022-24310,Heap-Based Buffer Overflow Vulnerability in Interactive Graphical SCADA System by Schneider Electric,"An integer overflow vulnerability has been identified in Schneider Electric's Interactive Graphical SCADA System, which can lead to a heap-based buffer overflow. This vulnerability allows attackers to craft multiple specially designed messages that could ultimately result in a denial of service and might allow for remote code execution. It is critical for users of affected versions to implement appropriate security measures, ensuring their systems remain secure from potential exploitation.",Schneider Electric,Interactive Graphical Scada System Data Server (v15.0.0.22020 And Prior),9.8,CRITICAL,0.006649999879300594,false,,false,false,false,,,false,false,,2022-02-09T22:04:57.000Z,0
CVE-2021-22709,https://securityvulnerability.io/vulnerability/CVE-2021-22709,Improper Memory Buffer Restriction in Schneider Electric SCADA System,"A vulnerability exists in the Interactive Graphical SCADA System (IGSS) Definition, specifically in the Def.exe executable, allowing for improper access controls within memory operations. This can lead to severe risks, including potential data loss and the possibility of remote code execution when an attacker successfully imports a malicious Configuration Group File (CGF) into the system. Users of IGSS versions V15.0.0.21041 and earlier are encouraged to evaluate the implications of this vulnerability on their operational security.",Schneider Electric,Interactive Graphical Scada System (igss) Definition (def.exe) V15.0.0.21041 And Prior,7.8,HIGH,0.004470000043511391,false,,false,false,false,,,false,false,,2021-03-11T20:27:13.000Z,0
CVE-2021-22710,https://securityvulnerability.io/vulnerability/CVE-2021-22710,Remote Code Execution Vulnerability in Interactive Graphical SCADA System by Schneider Electric,"A vulnerability exists in the Interactive Graphical SCADA System (IGSS) Definition which allows remote attackers to execute arbitrary code. This issue arises when a malicious Configuration Group File (CGF) is imported into the IGSS Definition, potentially leading to unauthorized access and control over the system. Protecting against this vulnerability is essential for maintaining the integrity and security of industrial control systems.",Schneider Electric,Interactive Graphical Scada System (igss) Definition (def.exe) V15.0.0.21041 And Prior,7.8,HIGH,0.004470000043511391,false,,false,false,false,,,false,false,,2021-03-11T20:26:02.000Z,0
CVE-2021-22712,https://securityvulnerability.io/vulnerability/CVE-2021-22712,Improper Memory Buffer Operation in Schneider Electric IGSS Definition,"A critical vulnerability exists in Schneider Electric's Interactive Graphical SCADA System (IGSS) Definition, allowing for arbitrary read and write operations. This issue arises from an unchecked pointer address when importing malicious Configuration Group File (CGF) files. Consequently, attackers may exploit this weakness to manipulate data and potentially compromise system integrity, emphasizing the need for prompt mitigations and security updates.",Schneider Electric,Interactive Graphical Scada System (igss) Definition (def.exe) V15.0.0.21041 And Prior,7.8,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2021-03-11T20:25:07.000Z,0
CVE-2021-22711,https://securityvulnerability.io/vulnerability/CVE-2021-22711,Improper Buffer Handling in Interactive Graphical SCADA System by Schneider Electric,"A vulnerability exists in Schneider Electric's Interactive Graphical SCADA System (IGSS) that could allow an attacker to manipulate memory through the improper handling of buffer limits. This issue arises when a malicious Configuration Group File (CGF) is imported, as the system lacks adequate validation of input data, potentially leading to arbitrary read or write operations. Users of versions V15.0.0.21041 and earlier are particularly at risk and should review relevant security advisories to mitigate potential exploitation.",Schneider Electric,Interactive Graphical Scada System (igss) Definition (def.exe) V15.0.0.21041 And Prior,7.8,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2021-03-11T20:23:16.000Z,0
CVE-2020-7479,https://securityvulnerability.io/vulnerability/CVE-2020-7479,Missing Authentication Vulnerability in IGSS Update Service by Schneider Electric,"A vulnerability exists in the IGSS Update Service that stems from missing authentication, allowing local users to execute commands without requiring the necessary escalation of privileges. This weakness can be exploited by sending local network commands, potentially leading to unauthorized actions in the IGSS environment, compromising system integrity and availability.",Schneider Electric,Igss (interactive Graphical Scada System) (igss Version Prior To 14.0.0.20009),7.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2020-03-23T19:18:26.000Z,0
CVE-2020-7478,https://securityvulnerability.io/vulnerability/CVE-2020-7478,Path Traversal Vulnerability in IGSS Software by Schneider Electric,"A path traversal vulnerability exists in the IGSS software developed by Schneider Electric, specifically in versions 14 and earlier that utilize the IGSS Update Service. This flaw allows a remote unauthenticated attacker to access arbitrary files on the server's local file system. When enabled, the IGSS Update Service can potentially expose sensitive data over an unrestricted or shared network, thus posing risks to the confidentiality and integrity of the system.",Schneider Electric,Igss (interactive Graphical Scada System) (igss Version Prior To 14.0.0.20009),7.5,HIGH,0.011540000326931477,false,,false,false,false,,,false,false,,2020-03-23T19:17:11.000Z,0
CVE-2019-6827,https://securityvulnerability.io/vulnerability/CVE-2019-6827,Out-of-bounds Write vulnerability in Schneider Electric's Interactive Graphical SCADA System,"An out-of-bounds write vulnerability exists in Schneider Electric's Interactive Graphical SCADA System, affecting Version 14 and earlier. This vulnerability can be exploited by manipulating data in the mdb database, potentially leading to a software crash. Organizations using affected versions are advised to assess their security posture and apply relevant updates to mitigate risks associated with this vulnerability.",Schneider Electric,Interactive Graphical Scada System (igss) Version 14 And Prior,7.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2019-07-15T20:47:48.000Z,0
CVE-2017-9967,https://securityvulnerability.io/vulnerability/CVE-2017-9967,,A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security.,Schneider Electric,Interactive Graphical Scada System,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2018-02-12T00:00:00.000Z,0
CVE-2017-6033,https://securityvulnerability.io/vulnerability/CVE-2017-6033,,"A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path.",Schneider Electric,Schneider Electric Interactive Graphical Scada System Software,7.8,HIGH,0.001230000052601099,false,,false,false,false,,,false,false,,2017-04-07T22:00:00.000Z,0
CVE-2013-0657,https://securityvulnerability.io/vulnerability/CVE-2013-0657,,Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.,Schneider Electric,Interactive Graphical Scada System,,,0.7883700132369995,false,,false,false,false,,,false,false,,2013-01-21T16:00:00.000Z,0