16 July 2019

Dangerous vulnerability in the IGSS system

A vulnerability (CVE-2019-6827) in Schneider Electric’s Interactive Graphical SCADA System (IGSS) has been reported. It could cause the software to crash or allow arbitrary code to be executed. The vulnerability, which has been assigned a base score of 7 on the CVSS v3 scale, affects all product versions up to and including 14.

This is an out-of-bounds write vulnerability, in which data may be written outside the intended buffer. It could be exploited when the application processes a specially crafted project file.

The vulnerability has already been fixed in versions 13.0.0.19140 and 14.0.0.19120. The corrected versions are available on the vendor’s website.

Sources: ICS-CERT, Schneider Electric