Vulnerability Description
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to an unchecked pointer address.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Interactive Graphical Scada System | <= 15.0.0.21041 |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01PatchVendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2021-068-01Broken LinkVendor Advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01PatchVendor Advisory
- https://www.se.com/ww/en/download/document/SEVD-2021-068-01Broken LinkVendor Advisory
FAQ
What is CVE-2021-22712?
CVE-2021-22712 is a vulnerability with a CVSS score of 7.8 (HIGH). A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which ...
How severe is CVE-2021-22712?
CVE-2021-22712 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22712?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Interactive Graphical Scada System.