Описание
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 15.0.0.21320 (включая)
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system_data_collector:*:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.0032
Низкий
9.1 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
github
почти 4 года назад
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
EPSS
Процентиль: 55%
0.0032
Низкий
9.1 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306