Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Schneider Electric IGSS 访问控制错误漏洞
Vulnerability Description
Schneider Electric IGSS是法国施耐德电气(Schneider Electric)公司的一个多人合作应用程序。 Schneider Electric IGSS Update Service v16.0.0.23211及之前版本存在访问控制错误漏洞,该漏洞源于允许本地攻击者更改更新源的服务,并在更新时执行代码。
CVSS Information
N/A
Vulnerability Type
N/A