CVE-2021-22804

Name of the Vulnerable Software and Affected Versions Interactive Graphical SCADA System Data Collector (dc.exe) versions V15.0.0.21243 and prior

Description A vulnerability exists due to missing validation of user-supplied data in network messages, which could cause disclosure of arbitrary files being read in the context of the user running IGSS. This issue is related to improper limitation of a pathname to a restricted directory. The vulnerability can be exploited by a remote attacker to gain access to confidential data.

Recommendations For versions V15.0.0.21243 and prior, consider restricting access to the dc.exe component until a patch is available. As a temporary workaround, avoid using the vulnerable Data Collector module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.