Vulnerability-Lookup

CVE-2021-22759 (GCVE-0-2021-22759)

Vulnerability from cvelistv5 – Published: 2021-06-11 15:40 – Updated: 2024-08-03 18:51

Summary

A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition.

Severity ?

No CVSS data available.

CWE

CWE-416 - Use after free

Assigner

schneider

References

URL

	Vendor	Product	Version
	n/a	IGSS Definition (Def.exe) V15.0.0.21140 and prior	Affected: IGSS Definition (Def.exe) V15.0.0.21140 and prior

FKIE_CVE-2021-22759

Vulnerability from fkie_nvd - Published: 2021-06-11 16:15 - Updated: 2024-11-21 05:50

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cybersecurity@se.com	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01	Vendor Advisory

Impacted products

	Vendor	Product	Version
	schneider-electric	interactive_graphical_scada_system	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5AD9202-97A9-4975-8307-5CCAEBF75A0C",
              "versionEndIncluding": "15.0.0.21140",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition."
    },
    {
      "lang": "es",
      "value": "Un CWE-416: Se presenta una vulnerabilidad de uso de memoria previamente liberada en IGSS Definition (Def.exe) versiones V15.0.0.21140 y anteriores, que podr\u00eda resultar en la p\u00e9rdida de datos o una ejecuci\u00f3n de c\u00f3digo remota debido al uso de datos de entrada no comprobados, cuando es importado un archivo CGF malicioso a IGSS Definition"
    }
  ],
  "id": "CVE-2021-22759",
  "lastModified": "2024-11-21T05:50:36.687",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-11T16:15:10.087",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    }
  ]
}

CERTFR-2021-AVI-443

Vulnerability from certfr_avis - Published: 2021-06-09 - Updated: 2021-06-09

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Modicon X80 BMXNOR0200H RTU versions antérieures à SV1.70 IR22
Schneider Electric	N/A	module Definition de IGSS (Interactive Graphical SCADA System) versions antérieures à 15.0.0.21141
Schneider Electric	N/A	PowerLogic PM5560 et PM5563 versions antérieures à V2.7.8
Schneider Electric	N/A	PowerLogic PM5561 et PM5562 versions antérieures à V2.5.4
Schneider Electric	N/A	PowerLogic EGX100 et EGX300 (produits en fin de vie, aucun correctif n'est prévu)
Schneider Electric	N/A	PowerLogic PM8ECC toutes versions (produit en fin de vie, aucun correctif n'est prévu)
Schneider Electric	N/A	Enerlin’X Com’X versions antérieures à V6.8.4
Schneider Electric	N/A	les produits Schneider Electric utilisant RockWell ISaGRAF (se référer au bulletin de sécurité SEVD-2021-159-04 de l'éditeur, cf. section Documentation)

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2021-159-03 du 08 juin 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-159-04 du 08 juin 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-159-05 du 08 juin 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-159-01 du 08 juin 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-159-02 du 08 juin 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-159-06 du 08 juin 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Modicon X80 BMXNOR0200H RTU versions ant\u00e9rieures \u00e0 SV1.70 IR22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "module Definition de IGSS (Interactive Graphical SCADA System) versions ant\u00e9rieures \u00e0 15.0.0.21141",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PowerLogic PM5560 et PM5563 versions ant\u00e9rieures \u00e0 V2.7.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PowerLogic PM5561 et PM5562 versions ant\u00e9rieures \u00e0 V2.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PowerLogic EGX100 et EGX300 (produits en fin de vie, aucun correctif n\u0027est pr\u00e9vu)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PowerLogic PM8ECC toutes versions (produit en fin de vie, aucun correctif n\u0027est pr\u00e9vu)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Enerlin\u2019X Com\u2019X versions ant\u00e9rieures \u00e0 V6.8.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "les produits Schneider Electric utilisant RockWell ISaGRAF (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 SEVD-2021-159-04 de l\u0027\u00e9diteur, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22753"
    },
    {
      "name": "CVE-2021-22750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22750"
    },
    {
      "name": "CVE-2021-22763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22763"
    },
    {
      "name": "CVE-2021-22767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22767"
    },
    {
      "name": "CVE-2021-22754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22754"
    },
    {
      "name": "CVE-2021-22756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22756"
    },
    {
      "name": "CVE-2021-22765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22765"
    },
    {
      "name": "CVE-2021-22755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22755"
    },
    {
      "name": "CVE-2020-25176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25176"
    },
    {
      "name": "CVE-2021-22764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22764"
    },
    {
      "name": "CVE-2020-25178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25178"
    },
    {
      "name": "CVE-2021-22768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22768"
    },
    {
      "name": "CVE-2021-22749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22749"
    },
    {
      "name": "CVE-2021-22752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22752"
    },
    {
      "name": "CVE-2021-22760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22760"
    },
    {
      "name": "CVE-2020-25180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25180"
    },
    {
      "name": "CVE-2021-22766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22766"
    },
    {
      "name": "CVE-2021-22761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22761"
    },
    {
      "name": "CVE-2021-22758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22758"
    },
    {
      "name": "CVE-2021-22769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22769"
    },
    {
      "name": "CVE-2020-25184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25184"
    },
    {
      "name": "CVE-2021-22759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22759"
    },
    {
      "name": "CVE-2021-22751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22751"
    },
    {
      "name": "CVE-2021-22757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22757"
    },
    {
      "name": "CVE-2021-22762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22762"
    },
    {
      "name": "CVE-2020-25182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25182"
    }
  ],
  "initial_release_date": "2021-06-09T00:00:00",
  "last_revision_date": "2021-06-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-443",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-06-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u00a0les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-03 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-04 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-05 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-01 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-02 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-06 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-06"
    }
  ]
}

GSD-2021-22759

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22759

Aliases

CVE-2021-22759

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22759",
    "description": "A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition.",
    "id": "GSD-2021-22759"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22759"
      ],
      "details": "A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition.",
      "id": "GSD-2021-22759",
      "modified": "2023-12-13T01:23:24.937487Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2021-22759",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-416: Use after free"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01",
            "refsource": "MISC",
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.0.0.21140",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22759"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-06-15T19:03Z",
      "publishedDate": "2021-06-11T16:15Z"
    }
  }
}

CNVD-2021-42150

Vulnerability from cnvd - Published: 2021-06-16

Title

Interactive Graphical SCADA System (IGSS)释放后重用漏洞

Description

Schneider Electric Interactive Graphical SCADA System (IGSS)是用于监测和控制工业过程的先进的SCADA系统。 Interactive Graphical SCADA System (IGSS) 15.0.0.21140及更早版本的Definition模块存在释放后重用漏洞。该漏洞源于在将恶意CGF文件导入IGSS Definition模块时会使用未经检查的输入数据。攻击者可利用该漏洞获取数据或实现远程代码执行。

Severity

中

Patch Name

Interactive Graphical SCADA System (IGSS)释放后重用漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04

Impacted products

Name
Schneider Electric Interactive Graphical SCADA System (IGSS) <=15.0.0.21140

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22759",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-22759"
    }
  },
  "description": "Schneider Electric Interactive Graphical SCADA System (IGSS)\u662f\u7528\u4e8e\u76d1\u6d4b\u548c\u63a7\u5236\u5de5\u4e1a\u8fc7\u7a0b\u7684\u5148\u8fdb\u7684SCADA\u7cfb\u7edf\u3002\n\nInteractive Graphical SCADA System (IGSS) 15.0.0.21140\u53ca\u66f4\u65e9\u7248\u672c\u7684Definition\u6a21\u5757\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5c06\u6076\u610fCGF\u6587\u4ef6\u5bfc\u5165IGSS Definition\u6a21\u5757\u65f6\u4f1a\u4f7f\u7528\u672a\u7ecf\u68c0\u67e5\u7684\u8f93\u5165\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6570\u636e\u6216\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://us-cert.cisa.gov/ics/advisories/icsa-21-159-04",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-42150",
  "openTime": "2021-06-16",
  "patchDescription": "Schneider Electric Interactive Graphical SCADA System (IGSS)\u662f\u7528\u4e8e\u76d1\u6d4b\u548c\u63a7\u5236\u5de5\u4e1a\u8fc7\u7a0b\u7684\u5148\u8fdb\u7684SCADA\u7cfb\u7edf\u3002\r\n\r\nInteractive Graphical SCADA System (IGSS) 15.0.0.21140\u53ca\u66f4\u65e9\u7248\u672c\u7684Definition\u6a21\u5757\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5c06\u6076\u610fCGF\u6587\u4ef6\u5bfc\u5165IGSS Definition\u6a21\u5757\u65f6\u4f1a\u4f7f\u7528\u672a\u7ecf\u68c0\u67e5\u7684\u8f93\u5165\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6570\u636e\u6216\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Interactive Graphical SCADA System (IGSS)\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Schneider Electric Interactive Graphical SCADA System (IGSS) \u003c=15.0.0.21140"
  },
  "referenceLink": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04",
  "serverity": "\u4e2d",
  "submitTime": "2021-06-09",
  "title": "Interactive Graphical SCADA System (IGSS)\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e"
}

GHSA-JV76-23H2-C485

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-22759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition.",
  "id": "GHSA-jv76-23h2-c485",
  "modified": "2022-05-24T19:05:03Z",
  "published": "2022-05-24T19:05:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22759"
    },
    {
      "type": "WEB",
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22759 (GCVE-0-2021-22759)

FKIE_CVE-2021-22759

CERTFR-2021-AVI-443

Solution

GSD-2021-22759

CNVD-2021-42150

GHSA-JV76-23H2-C485

Tags

Sightings

Nomenclature