{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T14:11:36.496","vulnerabilities":[{"cve":{"id":"CVE-2022-24313","sourceIdentifier":"cybersecurity@se.com","published":"2022-02-09T23:15:19.793","lastModified":"2024-11-21T06:50:09.113","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)"},{"lang":"es","value":"Una CWE-120: Se presenta una vulnerabilidad de Copia del Búfer sin Comprobar el Tamaño de la Entrada que podría causar un desbordamiento del búfer en la región stack de la memoria que podría conllevar a una ejecución de código remoto cuando un atacante envía un mensaje especialmente diseñado. Producto afectado: Interactive Graphical SCADA System Data Server (versiones V15.0.0.22020 y anteriores)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:interactive_graphical_scada_system_data_server:*:*:*:*:*:*:*:*","versionEndIncluding":"15.0.0.22020","matchCriteriaId":"6418CE35-66F8-4EA4-9C84-4396FF70C773"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01","source":"cybersecurity@se.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-325/","source":"cybersecurity@se.com","tags":["Patch","Third Party Advisory"]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-325/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}