PT-2021-2330 · Igss · Igss

Published: 2021-03-09 · Updated: 2021-03-17 · CVE-2021-22712

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Interactive Graphical SCADA System (IGSS) versions 15.0.0.21041 and prior

Description

A memory buffer vulnerability exists due to improper restriction of operations within the bounds of a memory buffer. An unchecked pointer address can result in arbitrary read or write conditions when a malicious CGF (Configuration Group File) file is imported into IGSS Definition. This issue may allow a remote attacker to achieve remote code execution by using a specially crafted CGF file.

Recommendations

For versions 15.0.0.21041 and prior, consider disabling the import of CGF files until a patch is available to prevent exploitation of the memory corruption vulnerability. Restrict access to the IGSS Definition to minimize the risk of exploitation. Avoid using specially crafted CGF files in the affected IGSS version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2021-01565
CVE-2021-22712
ZDI-21-269

Affected Products

Igss