CVE List


Critical 7.5

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.

Published March 24, 2020.

Affected software

Schneider-electric Interactive Graphical Scada System

Reference links

Sign Up for Alerts