U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:15.0.0.22074:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 9 matching records.
Displaying matches 1 through 9.
Vuln ID Summary CVSS Severity
CVE-2023-4516

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content.

Published: September 14, 2023; 5:15:08 AM -0400 		V3.1: 7.8 HIGH
 V2.0:(not available)
CVE-2022-32529

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Published: January 30, 2023; 6:15:11 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-32528

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Published: January 30, 2023; 6:15:11 PM -0500 		V3.1: 9.1 CRITICAL
 V2.0:(not available)
CVE-2022-32527

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Published: January 30, 2023; 6:15:10 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-32526

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Published: January 30, 2023; 6:15:10 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-32525

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Published: January 30, 2023; 6:15:10 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-32524

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Published: January 30, 2023; 6:15:10 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-32523

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Published: January 30, 2023; 6:15:10 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)
CVE-2022-32522

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Published: January 30, 2023; 6:15:10 PM -0500 		V3.1: 9.8 CRITICAL
 V2.0:(not available)