CVE-2021-22710 - Vulnerability Details

Vendors	Products
Schneider-electric	Interactive Graphical Scada System

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01
https://www.se.com/ww/en/download/document/SEVD-2021-068-01

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior", "vendor": "n/a", "versions": [{"status": "affected", "version": "Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior"}]}], "descriptions": [{"lang": "en", "value": "A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-11T20:26:02", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.se.com/ww/en/download/document/SEVD-2021-068-01"}, {"tags": ["x_refsource_MISC"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2021-22710", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior", "version": {"version_data": [{"version_value": "Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}]}, "references": {"reference_data": [{"name": "https://www.se.com/ww/en/download/document/SEVD-2021-068-01", "refsource": "MISC", "url": "https://www.se.com/ww/en/download/document/SEVD-2021-068-01"}, {"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01", "refsource": "MISC", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:51:07.145Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.se.com/ww/en/download/document/SEVD-2021-068-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2021-22710", "datePublished": "2021-03-11T20:26:02", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.145Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-119 (string)

description : CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-03-11T20:26:02 (string)

orgId : 076d1eb6-cfab-4401-b34d-6dfc2a413bdb (string)

shortName : schneider (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.se.com/ww/en/download/document/SEVD-2021-068-01 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cybersecurity@schneider-electric.com (string)

ID : CVE-2021-22710 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior (string)

version : { »

version_data : [ »

0 : { »

version_value : Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.se.com/ww/en/download/document/SEVD-2021-068-01 (string)

refsource : MISC (string)

url : https://www.se.com/ww/en/download/document/SEVD-2021-068-01 (string)

}

1 : { »

name : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 (string)

refsource : MISC (string)

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T18:51:07.145Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.se.com/ww/en/download/document/SEVD-2021-068-01 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 076d1eb6-cfab-4401-b34d-6dfc2a413bdb (string)

assignerShortName : schneider (string)

cveId : CVE-2021-22710 (string)

datePublished : 2021-03-11T20:26:02 (string)

dateReserved : 2021-01-06T00:00:00 (string)

dateUpdated : 2024-08-03T18:51:07.145Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CC174AC-AAAA-4BA4-B23F-F6F08103EF38", "versionEndIncluding": "15.0.0.21041", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition."}, {"lang": "es", "value": "Una CWE-119: se presenta una vulnerabilidad de Restricci\u00f3n Inapropiada de Operaciones dentro de los L\u00edmites de un B\u00fafer de Memoria en Interactive Graphical SCADA System (IGSS) Definition (Def.exe) versiones V15.0.0.21041 y anteriores, que podr\u00eda causar una ejecuci\u00f3n de c\u00f3digo remota cuando un archivo CGF (Configuration Group File) es importado para IGSS Definition"}], "id": "CVE-2021-22710", "lastModified": "2024-11-21T05:50:30.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-11T21:15:12.170", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01"}, {"source": "cybersecurity@se.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2021-068-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2021-068-01"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cybersecurity@se.com", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3CC174AC-AAAA-4BA4-B23F-F6F08103EF38 (string)

versionEndIncluding : 15.0.0.21041 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. (string)

}

1 : { »

lang : es (string)

value : Una CWE-119: se presenta una vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de Memoria en Interactive Graphical SCADA System (IGSS) Definition (Def.exe) versiones V15.0.0.21041 y anteriores, que podría causar una ejecución de código remota cuando un archivo CGF (Configuration Group File) es importado para IGSS Definition (string)

}

]

id : CVE-2021-22710 (string)

lastModified : 2024-11-21T05:50:30.553 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-03-11T21:15:12.170 (string)

references : [ »

0 : { »

source : cybersecurity@se.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 (string)

}

1 : { »

source : cybersecurity@se.com (string)

tags : [ »

0 : Broken Link (string)

1 : Vendor Advisory (string)

]

url : https://www.se.com/ww/en/download/document/SEVD-2021-068-01 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-068-01 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Vendor Advisory (string)

]

url : https://www.se.com/ww/en/download/document/SEVD-2021-068-01 (string)

}

]

sourceIdentifier : cybersecurity@se.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : cybersecurity@se.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object