CVE-2020-7550

7.8 HIGH

📋 TL;DR

This vulnerability allows remote code execution when a malicious CGF file is imported into IGSS Definition software. Attackers can exploit a buffer overflow weakness to execute arbitrary code on affected systems. Users of Schneider Electric IGSS Definition version 14.0.0.20247 and earlier are affected.

💻 Affected Systems

Products:
  • Schneider Electric IGSS Definition
Versions: 14.0.0.20247 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when importing malicious CGF files; normal operation without file import is not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to install malware, steal data, pivot to other systems, or disrupt industrial operations.

🟠 Likely Case

Attackers gain control of the IGSS Definition workstation, potentially accessing SCADA/HMI systems and industrial networks.

🟢 If Mitigated

Limited impact with proper network segmentation and file validation controls in place.

🌐 Internet-Facing: LOW (IGSS Definition typically not internet-facing, but could be exposed via remote access)
🏢 Internal Only: HIGH (Attackers with internal access or who can deliver malicious files can exploit this)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to import malicious file; no authentication bypass needed for file import functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 14.0.0.20248 and later

Vendor Advisory: https://www.se.com/ww/en/download/document/SEVD-2020-315-03/

Restart Required: Yes

Instructions:

1. Download updated IGSS Definition from Schneider Electric portal.
2. Install update following vendor instructions.
3. Restart system after installation.

🔧 Temporary Workarounds

  • Restrict CGF file imports (Windows): Block import of CGF files through application configuration or group policy
  • User awareness training (all): Train users to only import CGF files from trusted sources

🧯 If You Can't Patch

  • Implement strict file validation for CGF imports using application whitelisting
  • Segment IGSS Definition systems from critical networks and implement network monitoring

🔍 How to Verify

Check if Vulnerable:

Check IGSS Definition version in Help > About; if version is 14.0.0.20247 or earlier, system is vulnerable.

Check Version:

Check application version via Help > About in IGSS Definition GUI

Verify Fix Applied:

Verify version is 14.0.0.20248 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Def.exe
  • Failed CGF file import attempts
  • Memory access violations in application logs

Network Indicators:

  • Unexpected outbound connections from IGSS Definition system
  • File transfers to IGSS Definition on port 12397 (default IGSS port)

SIEM Query:

Process Creation where Parent Process contains 'Def.exe' AND Command Line contains unusual parameters
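
The query above as runnable detection logic, in an added example that is not part of the original advisory. The event field names follow Sysmon Event ID 1, the sample events and paths are constructed, and the `EXPECTED_CHILDREN` allowlist is a hypothetical site-specific setting. The parent is matched on exact file name rather than `contains`, so a different binary such as `WinDef.exe` does not match.

```python
import ntpath

# Assumption: child processes the site expects Def.exe to start
# (hypothetical setting; empty means every child of Def.exe is reported).
EXPECTED_CHILDREN = frozenset()


def is_def_exe(image_path):
    """True when the image's file name is exactly Def.exe (case-insensitive)."""
    return ntpath.basename(image_path or "").lower() == "def.exe"


def suspicious_children(events, expected=EXPECTED_CHILDREN):
    """Return process-creation events whose parent is Def.exe and whose
    child image file name is not on the expected list."""
    hits = []
    for ev in events:
        if not is_def_exe(ev.get("ParentImage")):
            continue
        child = ntpath.basename(ev.get("Image") or "").lower()
        if child not in expected:
            hits.append(ev)
    return hits


# Constructed sample events; all paths and command lines are made up.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\IGSS\Def.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
    {"Image": r"C:\Tools\helper.exe",
     "ParentImage": r"C:\Tools\WinDef.exe",  # contains "Def.exe", different binary
     "CommandLine": "helper.exe"},
    {"Image": r"C:\IGSS\Helper.exe",
     "ParentImage": r"c:\igss\DEF.EXE",
     "CommandLine": "Helper.exe"},
]

if __name__ == "__main__":
    for ev in suspicious_children(SAMPLE_EVENTS):
        print(ev["ParentImage"], "->", ev["Image"], "|", ev["CommandLine"])
```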
