CVE-2021-22823
published 2022-02-11CVE-2021-22823: A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running…
PriorityP270critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
EPSS
21.39%
97.3th percentile
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | interactive_graphical_scada_system_data_collector | <= 15.0.0.21320 | — |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
libxmltok vulnerabilities
osv·2022-07-19·CVSS 5.0
CVE-2012-1148 libxmltok vulnerabilities
libxmltok vulnerabilities
Tim Boddy, Gustavo Grieco and others discovered that Expat, that is
integrated in xmltok library, incorrectly handled certain files.
An attacker could possibly use these issues to cause a denial of
service, or possibly execute arbitrary code. These issues were only
addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903,
CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
It was discovered that Expat, that is integrated in xmltok library,
incorrectly handled encoding validation of certain files. An attacker
could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code. (CVE-2022-25235)
It was discovered
GHSA
GHSA-fh83-4f5x-869c: A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user r
ghsa_unreviewed·2022-02-12
CVE-2021-22823 [CRITICAL] CWE-306 GHSA-fh83-4f5x-869c: A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user r
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-02-11
Published