Описание
A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 14.0 (включая) до 14.0.0.20009 (исключая)
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00138
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-306
CWE-306
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.
EPSS
Процентиль: 34%
0.00138
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-306
CWE-306