Schneider-Electric Interactive Graphical Scada System Data Server vulnerabilities
8 known vulnerabilities affecting schneider-electric/interactive_graphical_scada_system_data_server.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH4
Vulnerabilities
Page 1 of 1
CVE-2022-24313P2CRITICALCVSS 9.8≤ 15.0.0.220202022-02-09
CVE-2022-24313 [CRITICAL] CWE-120 CVE-2022-24313: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
nvd
CVE-2022-24311P2CRITICALCVSS 9.8≤ 15.0.0.220202022-02-09
CVE-2022-24311 [CRITICAL] CWE-22 CVE-2022-24311: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that coul
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Inter
nvd
CVE-2022-24312P2CRITICALCVSS 9.8≤ 15.0.0.220202022-02-09
CVE-2022-24312 [CRITICAL] CWE-22 CVE-2022-24312: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that coul
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Gr
nvd
CVE-2022-24310P3CRITICALCVSS 9.8≤ 15.0.0.220202022-02-09
CVE-2022-24310 [CRITICAL] CWE-190 CVE-2022-24310: A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer ov
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
nvd
CVE-2022-24314P3HIGHCVSS 7.5≤ 15.0.0.220202022-02-09
CVE-2022-24314 [HIGH] CWE-125 CVE-2022-24314: A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulti
A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
nvd
CVE-2022-24315P3HIGHCVSS 7.5≤ 15.0.0.220202022-02-09
CVE-2022-24315 [HIGH] CWE-125 CVE-2022-24315: A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attack
A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
nvd
CVE-2022-24317P3HIGHCVSS 7.5≤ 15.0.0.220202022-02-09
CVE-2022-24317 [HIGH] CWE-862 CVE-2022-24317: A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
nvd
CVE-2022-24316P3HIGHCVSS 7.5≤ 15.0.0.220202022-02-09
CVE-2022-24316 [HIGH] CWE-665 CVE-2022-24316: A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when a
A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
nvd