CVE-2022-32528

Name of the Vulnerable Software and Affected Versions IGSS Data Server versions prior to V15.0.0.22170

Description The issue is related to a missing authentication procedure for critical functions in the IGSS Data Server, part of the Interactive Graphical SCADA System. This could allow a remote attacker to read, modify, or delete files by sending specially crafted messages, potentially leading to a denial-of-service condition. The vulnerability affects the ability to manipulate and read specific files in the IGSS project report directory.

Recommendations For versions prior to V15.0.0.22170, update to version V15.0.0.22170 or later to resolve the issue. As a temporary workaround, consider restricting access to the IGSS project report directory to minimize the risk of exploitation. Additionally, limiting the ability to send specific messages to the IGSS Data Server could help mitigate the vulnerability until a patch is applied.