CVE-2021-22711

Name of the Vulnerable Software and Affected Versions Interactive Graphical SCADA System (IGSS) versions prior to 15.0.0.21041

Description The issue is caused by a buffer overflow in memory, allowing a remote attacker to read or write arbitrary files using a specially crafted CGF file. This is due to missing validation of input data when importing a malicious CGF file to IGSS Definition. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 15.0.0.21041, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the import of CGF files to trusted sources until a patch is available. Avoid using the CGF file import feature in IGSS Definition until the issue is resolved.