ICSA-13-018-01  ·  Published 2025-06-06  ·  View on CISA ICS-CERT ↗

Schneider Electric IGSS Buffer Overflow

CVSS 10.0 CRITICAL

CVEs (1)

Remediations

  • The best mitigation for this vulnerability is applying the appropriate vendor-supplied patch listed in the footnotes below. Schneider Electric has issued two patches for versions V9 and V10 of the IGSS software to address this vulnerability. These patches are available from the Schneider Electric Web site or directly from the links in this advisory. Aaron Portnoy of Exodus Intelligence has validated the patches.
  • If this vulnerability is not mitigated, a remote attacker could cause a buffer overflow and allow malicious code to be executed with administrator privileges.
  • Users of this software with older versions should upgrade their software or employ other mitigation methods. At a minimum, this port should be filtered to only allow access from the specific IP addresses for the devices being controlled or monitored. General measures listed below can also be employed to help mitigate this vulnerability.

Affected Vendors

Schneider Electric

Affected Products (1)

Schneider Electric · IGSS application vers:all/*
