CVE-2021-22709 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Interactive Graphical Scada System

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.7%

top 27.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Interactive Graphical Scada System

Timeline

PublishedMar 11

Latest updateMay 24

Description

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDschneider-electric/interactive_graphical_scada_system15.0.0.21041

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-x8rr-7c53-pc84: A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) De↗2022-05-24

▶

CVEList

CVE-2021-22709: A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) De↗2021-03-11

▶