16 July 2019
Dangerous vulnerability in the IGSS system
A vulnerability (CVE-2019-6827) in Schneider Electric’s Interactive Graphical SCADA System (IGSS) has been reported. It could cause the software to crash or allow arbitrary code to be executed. The vulnerability, which has been assigned a base score of 7 on the CVSS v3 scale, affects all product versions up to 14 inclusively.
This is an out of bounds write vulnerability, where data may be written outside the intended buffer, and could be exploited by the application processing a specially crafted project file
The vulnerability has already been fixed in versions 126.96.36.19940 and 188.8.131.5220. The corrected versions are available on the vendor’s website.
Sources: ICS-CERT, Schneider Electric