

Rewterz Threat Advisory – Multiple VMware vRealize Vulnerabilities
October 13, 2021
Rewterz Threat Advisory – ICS: Advantech WebAccess SCADA
October 13, 2021
Severity
High
Analysis Summary
CVE-2021-22802
The affected product is vulnerable to remote code execution, due to a missing length check on user-supplied data, when a constructed message is received on the network.
CVE-2021-22803
By sending constructed messages on the network, an attacker could write arbitrary files to folders in the context of the DC module, which could lead to remote code execution.
CVE-2021-22804
An issue exists that could allow disclosure and read access of arbitrary files in the context of the user running IGSS, due to missing validation of user-supplied data in network messages.
CVE-2021-22805
An issue exists that could allow disclosure and read access of arbitrary files in the context of the user running IGSS, due to missing validation of user-supplied data in network messages.
Impact
- Remote Code Execution
- Information Disclosure
Affected Vendors
- Schneider Electric
Affected Products
- IGSS Data Collector (dc.exe): v15.0.0.21243 and prior
Remediation
Refer to the CERT-ICS Advisory for patch, upgrade, or suggested workaround information.