cbcvebase.

Schneider-Electric Interactive Graphical Scada System Data Collector vulnerabilities

6 known vulnerabilities affecting schneider-electric/interactive_graphical_scada_system_data_collector.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH2

Vulnerabilities

Page 1 of 1
CVE-2021-22802P2CRITICALCVSS 9.8≤ 15.0.0.212432022-02-11
CVE-2021-22802 [CRITICAL] CWE-120 CVE-2021-22802: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remo A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
nvd
CVE-2021-22823P2CRITICALCVSS 9.1≤ 15.0.0.213202022-02-11
CVE-2021-22823 [CRITICAL] CWE-306 CVE-2021-22823: A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deleti A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
nvd
CVE-2021-22803P2CRITICALCVSS 9.8≤ 15.0.0.212432022-02-11
CVE-2021-22803 [CRITICAL] CWE-434 CVE-2021-22803: A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to r A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.
nvd
CVE-2021-22805P3CRITICALCVSS 9.1≤ 15.0.0.212432022-02-11
CVE-2021-22805 [CRITICAL] CWE-306 CVE-2021-22805: A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deleti A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
nvd
CVE-2021-22824P3HIGHCVSS 7.5≤ 15.0.0.213202022-02-11
CVE-2021-22824 [HIGH] CWE-120 CVE-2021-22824: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in deni A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
nvd
CVE-2021-22804P3HIGHCVSS 7.5≤ 15.0.0.212432022-02-11
CVE-2021-22804 [HIGH] CWE-22 CVE-2021-22804: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that coul A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and
nvd
Schneider-Electric Interactive Graphical Scada System Data Collector vulnerabilities | cvebase