Versions
WebAccess Versions 8.3.2 and prior.
SCADAPack 7x Remote Connect V3.6.3.574 and prior.
SCADAPack x70 Security Administrator V1.2.0 and prior.
Schneider Electric Software Update (SESU) V2.4.0 and prior.
EcoStruxure Power Build-Rapsody software V2.1.13 and prior.
ClamAV AntiVirus software versions 0.99.2 and prior
Hanwha Techwin Smart Security Manager Versions 1.5 and prior
Schneider Electric Wonderware Intelligence 2014R3 and prior
Fixed in EdgeMarx Edge Switch firmware v1.9.1
Easergy T300 Firmware V1.5.2 and prior
C-Bus Toolkit v1.15.8 and prior
Fixed in EdgeMax EdgeSwitch firmware v1.9.1
Hanwha Techwin Smart Security Manager 1.5 and prior
IGSS Definition (Def.exe) V15.0.0.21041 and prior
IGSS Definition (Def.exe) version 14.0.0.20247 and prior
Fazecast jSerialComm, Version 2.2.2 and prior
C-Bus Toolkit V1.15.7 and prior
Cisco Umbrella Virtual Appliance Version 2.0.3 and prior
Modicon M218 Logic Controller V5.0.0.7 and prior
Fuji Electric FRENIC Loader 3.5.0.0 and prior
INTERSCHALT VDR G4e 5.220 and prior
Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior
Druva inSync macOS Client Installers for v6.8.0 and prior
Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior
Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior
GP-Pro EX V4.09.250 and prior
Fixed version EdgeSwitch firmware v1.9.1
Belden Hirschmann GECKO 2.0.00 and prior
LCDS LAquis SCADA Versions 4.3.1 and prior
Versions 5.1.3 and prior
Fuji Electric V-Server 4.0.6 and prior
IGSS Definition (Def.exe) V15.0.0.21140 and prior
VASA Provider Virtual Appliance versions 8.3.x and prior
homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior
Rockwell Automation RSLinx Classic versions 4.1.00 and prior
Advantech SUSIAccess Server 3.0 and prior
SoMove V2.8.1 and prior
Easergy Builder V1.4.7.2 and prior
Interactive Graphical SCADA System (IGSS) Version 14 and prior
ProSoft Configurator v1.002 and prior, for the PMEPXM0100 (H) module
Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior)
Modicon M218 Logic Controller (V5.1.0.6 and prior)
Modicon M218 Logic Controller (Firmware version 4.3 and prior)
EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior)
C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)
Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)
Recent CVEs
CVE-2021-22824
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service due to a missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
CVE-2021-22800
A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior)
CVE-2021-22823
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
CVE-2021-22805
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
CVE-2021-22804
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files, read in the context of the user running IGSS, due to missing validation of user-supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
CVE-2021-22803
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths when an attacker writes arbitrary files to folders in the context of the DC module by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
CVE-2021-22802
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to a missing length check on user-supplied data when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)