exploitDog

CVE-2021-22805

Опубликовано: 11 фев. 2022

Источник: nvd

CVSS3: 9.1

CVSS2: 5

EPSS Низкий

Описание

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)

Ссылки

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03
Patch
Vendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schneider-electric:interactive_graphical_scada_system_data_collector:*:*:*:*:*:*:*:*

Версия до 15.0.0.21243 (включая)

EPSS

Процентиль: 46%

0.00232

Низкий

9.1 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-px95-pcrx-64c4

github

почти 4 года назад

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)

EPSS

Процентиль: 46%

0.00232

Низкий

9.1 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306