Vulnerability-Lookup

CVE-2021-22760 (GCVE-0-2021-22760)

Vulnerability from cvelistv5 – Published: 2021-06-11 15:40 – Updated: 2024-08-03 18:51

Summary

A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

Severity ?

No CVSS data available.

CWE

CWE-763 - Release of invalid pointer or reference

Assigner

schneider

References

URL

	Vendor	Product	Version
	n/a	IGSS Definition (Def.exe) V15.0.0.21140 and prior	Affected: IGSS Definition (Def.exe) V15.0.0.21140 and prior

CERTFR-2021-AVI-443

Vulnerability from certfr_avis - Published: 2021-06-09 - Updated: 2021-06-09

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Modicon X80 BMXNOR0200H RTU versions antérieures à SV1.70 IR22
Schneider Electric	N/A	module Definition de IGSS (Interactive Graphical SCADA System) versions antérieures à 15.0.0.21141
Schneider Electric	N/A	PowerLogic PM5560 et PM5563 versions antérieures à V2.7.8
Schneider Electric	N/A	PowerLogic PM5561 et PM5562 versions antérieures à V2.5.4
Schneider Electric	N/A	PowerLogic EGX100 et EGX300 (produits en fin de vie, aucun correctif n'est prévu)
Schneider Electric	N/A	PowerLogic PM8ECC toutes versions (produit en fin de vie, aucun correctif n'est prévu)
Schneider Electric	N/A	Enerlin’X Com’X versions antérieures à V6.8.4
Schneider Electric	N/A	les produits Schneider Electric utilisant RockWell ISaGRAF (se référer au bulletin de sécurité SEVD-2021-159-04 de l'éditeur, cf. section Documentation)

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2021-159-03 du 08 juin 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-159-04 du 08 juin 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-159-05 du 08 juin 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-159-01 du 08 juin 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-159-02 du 08 juin 2021	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-159-06 du 08 juin 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Modicon X80 BMXNOR0200H RTU versions ant\u00e9rieures \u00e0 SV1.70 IR22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "module Definition de IGSS (Interactive Graphical SCADA System) versions ant\u00e9rieures \u00e0 15.0.0.21141",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PowerLogic PM5560 et PM5563 versions ant\u00e9rieures \u00e0 V2.7.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PowerLogic PM5561 et PM5562 versions ant\u00e9rieures \u00e0 V2.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PowerLogic EGX100 et EGX300 (produits en fin de vie, aucun correctif n\u0027est pr\u00e9vu)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PowerLogic PM8ECC toutes versions (produit en fin de vie, aucun correctif n\u0027est pr\u00e9vu)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Enerlin\u2019X Com\u2019X versions ant\u00e9rieures \u00e0 V6.8.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "les produits Schneider Electric utilisant RockWell ISaGRAF (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 SEVD-2021-159-04 de l\u0027\u00e9diteur, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22753"
    },
    {
      "name": "CVE-2021-22750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22750"
    },
    {
      "name": "CVE-2021-22763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22763"
    },
    {
      "name": "CVE-2021-22767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22767"
    },
    {
      "name": "CVE-2021-22754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22754"
    },
    {
      "name": "CVE-2021-22756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22756"
    },
    {
      "name": "CVE-2021-22765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22765"
    },
    {
      "name": "CVE-2021-22755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22755"
    },
    {
      "name": "CVE-2020-25176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25176"
    },
    {
      "name": "CVE-2021-22764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22764"
    },
    {
      "name": "CVE-2020-25178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25178"
    },
    {
      "name": "CVE-2021-22768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22768"
    },
    {
      "name": "CVE-2021-22749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22749"
    },
    {
      "name": "CVE-2021-22752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22752"
    },
    {
      "name": "CVE-2021-22760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22760"
    },
    {
      "name": "CVE-2020-25180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25180"
    },
    {
      "name": "CVE-2021-22766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22766"
    },
    {
      "name": "CVE-2021-22761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22761"
    },
    {
      "name": "CVE-2021-22758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22758"
    },
    {
      "name": "CVE-2021-22769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22769"
    },
    {
      "name": "CVE-2020-25184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25184"
    },
    {
      "name": "CVE-2021-22759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22759"
    },
    {
      "name": "CVE-2021-22751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22751"
    },
    {
      "name": "CVE-2021-22757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22757"
    },
    {
      "name": "CVE-2021-22762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22762"
    },
    {
      "name": "CVE-2020-25182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25182"
    }
  ],
  "initial_release_date": "2021-06-09T00:00:00",
  "last_revision_date": "2021-06-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-443",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-06-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u00a0les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-03 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-04 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-05 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-01 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-02 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-06 du 08 juin 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-06"
    }
  ]
}

GSD-2021-22760

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22760

Aliases

CVE-2021-22760

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22760",
    "description": "A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.",
    "id": "GSD-2021-22760"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22760"
      ],
      "details": "A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.",
      "id": "GSD-2021-22760",
      "modified": "2023-12-13T01:23:24.811199Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2021-22760",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-763: Release of invalid pointer or reference "
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01",
            "refsource": "MISC",
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.0.0.21140",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22760"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-763"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-06-15T19:12Z",
      "publishedDate": "2021-06-11T16:15Z"
    }
  }
}

CNVD-2021-42149

Vulnerability from cnvd - Published: 2021-06-16

Title

Interactive Graphical SCADA System (IGSS)代码执行漏洞

Description

Schneider Electric Interactive Graphical SCADA System (IGSS)是用于监测和控制工业过程的先进的SCADA系统。 Interactive Graphical SCADA System (IGSS) 15.0.0.21140及更早版本的Definition模块存在代码执行漏洞。该漏洞源于在将恶意CGF文件导入IGSS Definition模块时对用户提供的输入数据缺少检查。攻击者可利用该漏洞获取数据或实现远程代码执行。

Severity

中

Patch Name

Interactive Graphical SCADA System (IGSS)代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04

Impacted products

Name
Schneider Electric Interactive Graphical SCADA System (IGSS) <=15.0.0.21140

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22760",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-22760"
    }
  },
  "description": "Schneider Electric Interactive Graphical SCADA System (IGSS)\u662f\u7528\u4e8e\u76d1\u6d4b\u548c\u63a7\u5236\u5de5\u4e1a\u8fc7\u7a0b\u7684\u5148\u8fdb\u7684SCADA\u7cfb\u7edf\u3002\n\nInteractive Graphical SCADA System (IGSS) 15.0.0.21140\u53ca\u66f4\u65e9\u7248\u672c\u7684Definition\u6a21\u5757\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5c06\u6076\u610fCGF\u6587\u4ef6\u5bfc\u5165IGSS Definition\u6a21\u5757\u65f6\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u6570\u636e\u7f3a\u5c11\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6570\u636e\u6216\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://us-cert.cisa.gov/ics/advisories/icsa-21-159-04",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-42149",
  "openTime": "2021-06-16",
  "patchDescription": "Schneider Electric Interactive Graphical SCADA System (IGSS)\u662f\u7528\u4e8e\u76d1\u6d4b\u548c\u63a7\u5236\u5de5\u4e1a\u8fc7\u7a0b\u7684\u5148\u8fdb\u7684SCADA\u7cfb\u7edf\u3002\r\n\r\nInteractive Graphical SCADA System (IGSS) 15.0.0.21140\u53ca\u66f4\u65e9\u7248\u672c\u7684Definition\u6a21\u5757\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5c06\u6076\u610fCGF\u6587\u4ef6\u5bfc\u5165IGSS Definition\u6a21\u5757\u65f6\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u6570\u636e\u7f3a\u5c11\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6570\u636e\u6216\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Interactive Graphical SCADA System (IGSS)\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Schneider Electric Interactive Graphical SCADA System (IGSS) \u003c=15.0.0.21140"
  },
  "referenceLink": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-04",
  "serverity": "\u4e2d",
  "submitTime": "2021-06-09",
  "title": "Interactive Graphical SCADA System (IGSS)\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2021-22760

Vulnerability from fkie_nvd - Published: 2021-06-11 16:15 - Updated: 2024-11-21 05:50

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cybersecurity@se.com	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01	Vendor Advisory

Impacted products

	Vendor	Product	Version
	schneider-electric	interactive_graphical_scada_system	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5AD9202-97A9-4975-8307-5CCAEBF75A0C",
              "versionEndIncluding": "15.0.0.21140",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition."
    },
    {
      "lang": "es",
      "value": "Un CWE-763: Se presenta una vulnerabilidad de puntero o referencia no v\u00e1lida en IGSS Definition (Def.exe) versiones V15.0.0.21140 y anteriores que podr\u00eda resultar en una p\u00e9rdida de informaci\u00f3n o una ejecuci\u00f3n de c\u00f3digo remota debido a una falta de comprobaci\u00f3n de los datos de entrada suministrados por el usuario, cuando es importado un archivo CGF malicioso a IGSS Definition"
    }
  ],
  "id": "CVE-2021-22760",
  "lastModified": "2024-11-21T05:50:36.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-11T16:15:10.153",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-763"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    }
  ]
}

GHSA-486P-JW3H-72GH

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-22760"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.",
  "id": "GHSA-486p-jw3h-72gh",
  "modified": "2022-05-24T19:05:03Z",
  "published": "2022-05-24T19:05:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22760"
    },
    {
      "type": "WEB",
      "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22760 (GCVE-0-2021-22760)

CERTFR-2021-AVI-443

Solution

GSD-2021-22760

CNVD-2021-42149

FKIE_CVE-2021-22760

GHSA-486P-JW3H-72GH

Tags

Sightings

Nomenclature