CVE-2021-22802

Name of the Vulnerable Software and Affected Versions Interactive Graphical SCADA System Data Collector (dc.exe) versions 15.0.0.21243 and prior

Description A buffer copy without checking the size of input vulnerability exists, which could result in remote code execution due to a missing length check on user-supplied data when a constructed message is received on the network. This issue is caused by a buffer overflow on the stack. The exploitation of this vulnerability may allow a remote attacker to execute arbitrary code.

Recommendations For versions 15.0.0.21243 and prior, consider disabling the reception of constructed messages on the network until a patch is available. Restrict access to the dc.exe component to minimize the risk of exploitation. Avoid using user-supplied data without proper length checks in the affected system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.