CVE Published: 30/01/2023 |
CVE Updated: 03/08/2024 |
CVE Year: 2022 Source: schneider |
Vendor: Schneider Electric |
Product: IGSS Data Server (IGSSdataServer.exe) Status : PUBLISHED
CVE-2022-32528 Description
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could
cause access to manipulate and read specific files in the IGSS project report directory,
potentially leading to a denial-of-service condition when an attacker sends specific messages.
Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
Metrics
CVSS Version: 3.1 |
Base Score: 8.6 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H