IGSS Data Server <v15.0.0.22170: Missing Auth in IGSSdataServer.exe
CVE-2022-32528 Published on January 30, 2023
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
Vulnerability Analysis
CVE-2022-32528 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2022-32528
stack.watch emails you whenever new vulnerabilities are published in Schneider Electric Igss Data Server or Schneider Electric Interactive Graphical Scada System. Just hit a watch button to start following.
Affected Versions
Schneider Electric IGSS Data Server (IGSSdataServer.exe):- Version All and below V15.0.0.22170 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.