CVE-2022-32525

Name of the Vulnerable Software and Affected Versions IGSS Data Server versions prior to V15.0.0.22170

Description The issue is related to a buffer copy without checking the size of input data, which could cause a stack-based buffer overflow. This might lead to remote code execution when an attacker sends specially crafted alarm data messages.

Recommendations For versions prior to V15.0.0.22170, update to a version V15.0.0.22170 or later to resolve the issue. As a temporary workaround, consider restricting access to the IGSSdataServer.exe to minimize the risk of exploitation. Avoid using the vulnerable function related to alarm data message processing until the issue is resolved.