Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Pro-face BLUE Security Vulnerabilities

cve
cve

CVE-2023-1049

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-06-14 08:15 AM
22
cve
cve

CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...

7.8CVSS

7.9AI Score

0.0004EPSS

2022-11-04 03:15 PM
27
7
cve
cve

CVE-2022-41670

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure...

7.8CVSS

7.5AI Score

0.0005EPSS

2022-11-04 02:15 PM
28
7
cve
cve

CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3...

7.8CVSS

7.5AI Score

0.0004EPSS

2022-11-04 01:15 PM
19
3
cve
cve

CVE-2022-41667

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3...

7.8CVSS

7.5AI Score

0.0005EPSS

2022-11-04 12:15 PM
28
8
cve
cve

CVE-2022-41668

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1....

7.8CVSS

7.5AI Score

0.0004EPSS

2022-11-04 12:15 PM
31
4
cve
cve

CVE-2022-41666

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face...

7.8CVSS

7.5AI Score

0.0004EPSS

2022-11-04 05:15 AM
26
4