Lucene search
K

60 matches found

CNVD
CNVD
added 2020/11/20 12:0 a.m.12 views

Schneider Electric EcoStruxure Building Operation WebReports Arbitrary File Upload Vulnerability

Schneider Electric EcoStruxure Building Operation WebReports is a web application for creating, viewing and managing reports. An arbitrary file upload vulnerability exists in Schneider Electric EcoStruxure Building Operation WebReports 1.9-3.1. The vulnerability stems from improper validation of...

8.8CVSS7.7AI score0.02292EPSS
Exploits0References1
OSV
OSV
added 2020/11/19 10:15 p.m.5 views

CVE-2020-7570

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting Stored vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect...

5.4CVSS6.2AI score0.00835EPSS
Exploits0References1
NVD
NVD
added 2020/11/19 10:15 p.m.19 views

CVE-2020-7572

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server...

8.8CVSS8.8AI score0.01784EPSS
Exploits0References1
NVD
NVD
added 2020/11/19 10:15 p.m.24 views

CVE-2020-7570

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting Stored vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect...

5.4CVSS5.8AI score0.00835EPSS
Exploits0References1
OSV
OSV
added 2020/11/19 10:15 p.m.5 views

CVE-2020-7569

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code...

8.8CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2020/11/19 10:15 p.m.38 views

CVE-2020-7569

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code...

8.8CVSS9AI score0.02292EPSS
Exploits0References1
OSV
OSV
added 2020/11/19 10:15 p.m.3 views

CVE-2020-7573

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control...

6.5CVSS6.7AI score0.01356EPSS
Exploits0References1
NVD
NVD
added 2020/11/19 10:15 p.m.20 views

CVE-2020-7573

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control...

6.5CVSS7AI score0.01356EPSS
Exploits0References1
NVD
NVD
added 2020/11/19 10:15 p.m.15 views

CVE-2020-28209

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agen...

7CVSS7.4AI score0.00271EPSS
Exploits0References1
Prion
Prion
added 2020/11/19 10:15 p.m.14 views

Design/Logic Flaw

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agen...

4.4CVSS7.3AI score0.00271EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/19 10:15 p.m.19 views

Cross site scripting

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting Stored vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect...

3.5CVSS5.7AI score0.00835EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/19 10:15 p.m.18 views

Unrestricted file upload

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code...

6.5CVSS8.9AI score0.02292EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/19 10:15 p.m.20 views

Improper access control

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control...

6.4CVSS6.9AI score0.01356EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/11/19 9:15 p.m.22 views

CVE-2020-28210

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...

6.1CVSS6.8AI score0.00924EPSS
Exploits0References1
OSV
OSV
added 2020/11/19 9:15 p.m.6 views

CVE-2020-28210

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...

6.1CVSS6.4AI score0.00924EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/11/19 9:15 p.m.21 views

CVE-2020-28209

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agen...

7.6AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 2020/11/19 9:15 p.m.67 views

CVE-2020-28209

Schneider Electric’s EcoStruxure Building Operation suite is affected by CVE-2020-28209 (CWE-428: Windows Unquoted Search Path). The ICSA-21-063-02 advisory ties this CVE to the Unquoted Search Path vulnerability in the Enterprise Server installer (V1.9–V3.1) and Enterprise Central installer (V2....

7CVSS7.5AI score0.00271EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/19 9:15 p.m.21 views

Cross site scripting

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...

4.3CVSS6.7AI score0.00924EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/11/19 9:2 p.m.56 views

CVE-2020-7573

The CVE concerns EcoStruxure Building Operation WebReports, affected in versions 1.9–3.1, with a CWE-284 Improper Access Control vulnerability that could allow a remote attacker to access restricted web resources. Root cause is improper access control in WebReports. The ICSA advisory notes exploi...

6.5CVSS6.4AI score0.01356EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/19 9:2 p.m.25 views

CVE-2020-7573

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control...

6.4AI score0.01356EPSS
Exploits0References1
Rows per page
Query Builder