CVE-2021-22710
HIGHInteractive Graphical SCADA System - Memory Corruption
Title source: llmDescription
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.
References (2)
Core 2
Core References
Broken Link, Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2021-068-01
Patch, Vendor Advisory x_refsource_misc
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01
Scores
CVSS v3
7.8
EPSS
0.0070
EPSS Percentile
72.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
schneider-electric/interactive_graphical_scada_system
< 15.0.0.21041
Published
Mar 11, 2021
Tracked Since
Feb 18, 2026