CVE-2022-32523

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

9.8CRITICAL

EPSS

1.8%

top 17.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric Igss Data Server (igssdataserver.exe)Schneider-electric Interactive Graphical Scada System

Timeline

PublishedJan 30

Latest updateJan 31

Description

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5schneider_electric/igss_data_server_(igssdataserver.exe)All — V15.0.0.22170

▶NVDschneider-electric/interactive_graphical_scada_system15.0.0.22170

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-5g6r-5gw7-h9v2: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remo↗2023-01-31

▶

CVEList

CVE-2022-32523: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remo↗2023-01-30

▶