56 matches found
EUVD-2019-2695
Malware in sbrugna...
EUVD-2013-2735
Malware in sbrugna...
EUVD-2011-5063
Malware in sbrugna...
CVE-2011-5163
Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence...
Schneider Electric Floating License Manager ICSA-19-192-07 Multiple Security Vulnerabilities
Description Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable. Technologies Affected...
CVE-2019-10981
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials...
CVE-2019-10981
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials...
Design/Logic Flaw
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials...
CVE-2019-10981
The CVE-2019-10981 vulnerability affects AVEVA Vijeo Citect 7.30/7.40 and CitectSCADA 7.30/7.40, where an authenticated local user may access Citect user credentials due to Insufficiently Protected Credentials (CWE-522). Reported in ICS context with a CVSS v3 base score of 6.5 (local, low skill t...
CVE-2019-10981
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials...
AVEVA Vijeo Citect and CitectSCADA
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: AVEVA Equipment: Vijeo Citect and CitectSCADA Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a locally authenticated user to obtain...
Design/Logic Flaw
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3....
CVE-2015-1014
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3....
CVE-2015-1014
CVE-2015-1014 affects Schneider Electric OPC Factory Server (OFS) 3.5 when used with SCADA Expert Vijeo Citect/CitectSCADA versions 7.20, 7.30, or 7.40. The vulnerability arises from DLL hijacking: a local user must load a crafted DLL into the system directory, and if the application opens that D...
Schneider Electric Floating License Manager
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Remotely exploitable/low skill level to exploit Vendor : Schneider Electric Equipment : Floating License Manager Vulnerabilities : Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Open Redirect 2...
CitectSCADA/CitectFacilities ODBC Buffer Overflow
No description provided by source. $Id: citectscadaodbc.rb 11039 2010-11-14 19:03:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Mitsubishi MX ActiveX Component 3 - (ActUWzd.dll (WzTitle)) - Remote Exploit
No description provided by source. !-- Title: Mitsubishi MX Component v3 ActiveX 365+-Day ActUWzd.dll WzTitle By: DrIDE File: C:\MELSEC\Act\Control\ActUWzd.dll Version 1.0.0.1 Known Affected Systems: CitectScada 7.10r1 ships with this in the Extras folder. Known Affected Systems: CitectFacilities...
CVE-2013-2824
Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to...
CVE-2013-2824
CVE-2013-2824 affects Schneider Electric StruxureWare SCADA Expert Vijeo Citect (v7.40), Vijeo Citect (v7.20–7.30SP1), CitectSCADA (v7.20–7.30SP1), StruxureWare PowerSCADA Expert (v7.30–7.30SR1), and PowerLogic SCADA (v7.20–7.20SR1). The issue is an exception-handling flaw that allows remote atta...
Schneider Electric CitectSCADA Products Exception Handler Vulnerability (Update A)
OVERVIEW --------- Begin Update A Part 1 of 1 -------- This updated advisory is a follow-up to the original advisory titled ICSA-13-350-01 Schneider Electric SCADA Products Exception Handler Vulnerability that was published February 25, 2014, on the NCCIC/ICS-CERT web site. This advisory was...