SCADA: Schneider Electric IGSS IGSSdataServer.exe Buffer Overflow
This signature detects attempts to exploit a known vulnerability against SCADA Schneider Electric IGSS. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the IGSSDataServer process.
Extended Description
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
Affected Products
Schneider-electric interactive_graphical_scada_system_data_server
References
CVE: CVE-2022-2329
URL: https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-102-01_IGSS_Security_Notification_V2.0.pdf&p_Doc_Ref=SEVD-2022-102-01&_ga=2.147575794.439594371.1658512039-643358291.1655388168 https://www.tenable.com/security/research/tra-2022-13
Short Name
SCADA:SCADA-ELECTRIC-BO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SCADA
Keywords
Buffer CVE-2022-2329 CVE-2022-24313 Electric IGSS IGSSdataServer.exe Overflow Schneider
Release Date
07/07/2022
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3590
Port
TCP/12401
False Positive
Unknown
Vendors
Schneider-electric