VDB

CVE-2021-22760

CVE-2021-22760 PUBLISHED CVSS 7.800000190734863 HIGH

A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

EPSS 0.43% · 63.2th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.43%
63.2th percentile

Affected Products

VendorProductVersions
schneider-electricinteractive_graphical_scada_system0
n/aIGSS Definition (Def.exe) V15.0.0.21140 and priorIGSS Definition (Def.exe) V15.0.0.21140 and prior

Timeline

  • Apr 13, 2021 CVE Published
  • Jun 12, 2021 EPSS Score
  • Aug 13, 2021 EPSS Score
  • Oct 12, 2021 EPSS Score
  • Dec 12, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 11, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 13, 2022 EPSS Score
  • Jun 12, 2022 EPSS Score
  • Aug 13, 2022 EPSS Score
  • Oct 13, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›