12 matches found
EUVD-2022-35814
Malicious code in bioql PyPI...
CVE-2022-32747
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert CAE Versions prior to 2.2...
CVE-2022-32748
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...
CVE-2022-32747
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert CAE Versions prior to 2.2...
Spoofing
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert CAE Versions prior to 2.2...
CVE-2022-32748
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...
Schneider Electric EcoStruxure Cybersecurity Admin Expert 安全漏洞
Schneider Electric EcoStruxure Cybersecurity Admin Expert Schneider Electric EcoStruxure CAE is a cybersecurity administration expert from Schneider Electric, France. A security vulnerability exists in versions of Schneider Electric EcoStruxure Cybersecurity Admin Expert prior to 2.2, which stems...
CVE-2022-32747
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert CAE Versions prior to 2.2...
CVE-2022-32747
CVE-2022-32747 affects Schneider Electric’s EcoStruxure Cybersecurity Admin Expert (CAE) prior to 2.2. The issue is a CWE-290 authentication bypass by spoofing a device on the local network, which could cause legitimate users to be locked out or enable backdoor account creation. Root cause: spoof...
CVE-2022-32748
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...
PT-2022-3475 · Schneider Electric · Ecostruxure Cybersecurity Admin Expert
Name of the Vulnerable Software and Affected Versions: EcoStruxure Cybersecurity Admin Expert CAE versions prior to 2.2 Description: The issue is related to improper certificate validation, which could allow a remote attacker to conduct man-in-the-middle attacks and disclose protected information...
PT-2022-3530 · Schneider Electric · Ecostruxure Cybersecurity Admin Expert
Name of the Vulnerable Software and Affected Versions: EcoStruxure Cybersecurity Admin Expert CAE versions prior to 2.2 Description: A vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local...