CVE-2021-22761

Name of the Vulnerable Software and Affected Versions Schneider Electric IGSS versions prior to V15.0.0.21140

Description A memory buffer vulnerability exists due to missing length checks on user-supplied data. This issue can be triggered when a malicious CGF file is imported, potentially leading to disclosure of information or remote code execution.

Recommendations For versions prior to V15.0.0.21140, consider restricting the import of CGF files from untrusted sources until a patch is available. As a temporary workaround, avoid using the IGSS Definition (Def.exe) to import CGF files that may be malicious. At the moment, there is no information about a newer version that contains a fix for this vulnerability.