VDB
SEVD-2021-159-01
SEVD-2021-159-01
PUBLISHED
CVSS 7.800000190734863 HIGH
Schneider Electric is aware of multiple vulnerabilities in the Interactive Graphical SCADA System (IGSS) product. The IGSS product is a state-of-the art SCADA system used for monitoring and controlling industrial processes. IGSS communicates with all major industry standard PLC drivers. Failure to apply the remediations provided below may risk remote code execution, which could result in an attacker gaining access to the Windows Operating System on the machine used to import CGF and WSP files, typically a step performed during system design time.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric IGSS Definition (Def.exe) V15.0.0.21041 and prior | ||
| Schneider Electric IGSS Definition module: Def.exe Version 15.0.0.21141 | ||
| Schneider Electric IGSS Definition (Def.exe) V15.0.0.21140 and prior |
Timeline
- Jun 8, 2021 CVE Published
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-01_IGSS_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2021-159-01.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://igss.schneider-electric.com/igss/igssupdates/v150/IGSSUPDATE.ZIP fix