Description
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior. Because input data is not validated, importing a malicious CGF (Configuration Group File) file into IGSS Definition could result in arbitrary read or write conditions.
References (2)
Core References
Broken Link, Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2021-068-01
Patch, Vendor Advisory x_refsource_misc
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01
Scores
CVSS v3: 7.8
EPSS: 0.0013
EPSS Percentile: 31.4%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (1): schneider-electric/interactive_graphical_scada_system < 15.0.0.21041
Published: Mar 11, 2021
Tracked Since: Feb 18, 2026