Vulnerability Details CVE-2022-32528
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could
cause access to manipulate and read specific files in the IGSS project report directory,
potentially leading to a denial-of-service condition when an attacker sends specific messages.
Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.0%
CVSS Severity
CVSS v3 Score 8.6
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-165-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification.pdf
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-165-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification.pdf
Products affected by CVE-2022-32528
-
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:10.0
-
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:12.0
-
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:13.0
-
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:13.0.0.19140
-
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:14.0
-
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:14.0.0.19120
-
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:14.0.0.20009
-
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:14.0.0.20247
-
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:15.0.0.22074
-
cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:9.0