CVE-2021-22760

HIGH

IGSS Definition <15.0.0.21140 - RCE

Title source: llm

Description

A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

References (1)

[Vendor Advisory] http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01

Scores

CVSS v3 7.8

EPSS 0.0043

EPSS Percentile 62.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-763

Status published

Products (1)

schneider-electric/interactive_graphical_scada_system < 15.0.0.21140

Published Jun 11, 2021

Tracked Since Feb 18, 2026