CVE-2022-32526: Buffer Overflow
First published: Mon Jan 30 2023(Updated: )
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Interactive Graphical Scada System | <=15.0.0.22170 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-32526?
The severity of CVE-2022-32526 is critical with a CVSS score of 9.8.
What is the vulnerability ID of the buffer overflow vulnerability?
The vulnerability ID of the buffer overflow vulnerability is CVE-2022-32526.
How does the buffer overflow vulnerability occur?
The buffer overflow vulnerability occurs due to a CWE-120: Buffer Copy without Checking Size of Input.
Which software is affected by the buffer overflow vulnerability?
The affected software is Schneider-electric Interactive Graphical Scada System (IGSS) Data Server with versions up to and including 15.0.0.22170.
How can the buffer overflow vulnerability be exploited?
The buffer overflow vulnerability can be exploited by an attacker sending specially crafted setting value messages.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric interactive graphical scada system
- version/schneider-electric interactive graphical scada system/15.0.0.22170