PT-2021-7784 · Igss+1

Published: 2021-10-12 · Updated: 2022-02-18 · CVE-2021-22803

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Interactive Graphical SCADA System (IGSS) versions prior to 15.0.0.21243
Interactive Graphical SCADA System Data Collector (dc.exe) versions 15.0.0.21243 and prior

Description

The issue is related to an unrestricted upload of files with dangerous types, which could allow a remote attacker to execute arbitrary code. This can be achieved by sending constructed messages on the network, allowing the attacker to write arbitrary files to folders in the context of the DC module.

Recommendations

For IGSS versions prior to 15.0.0.21243, update to a version that contains a fix for this issue. For Interactive Graphical SCADA System Data Collector (dc.exe) versions 15.0.0.21243 and prior, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the DC module to minimize the risk of exploitation.

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

BDU:2023-02899
CVE-2021-22803
ZDI-21-1151

Affected Products

Igss
Dc.Exe