Lucene search
K

33 matches found

Vulnrichment
Vulnrichment
added 2025/02/13 5:40 a.m.6 views

CVE-2024-10083

CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input...

6.8CVSS6.7AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/13 12:0 a.m.9 views

PT-2025-6780 · Schneider Electric · Ecostruxure Process Expert

Name of the Vulnerable Software and Affected Versions: EcoStruxure Process Expert version 2020R2 Description: The issue is related to improper privilege management, affecting two services, one of which manages audit trail data and the other acts as a server managing client requests. This could le...

8.5CVSS7AI score0.00162EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/02/04 10:36 p.m.6 views

CVE-2024-8935

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...

7.7CVSS6.7AI score0.00483EPSS
Exploits0References1
CVE
CVE
added 2024/11/13 4:10 a.m.948 views

CVE-2024-8935

CVE-2024-8935 affects Schneider Electric Modicon M340, MC80, and Momentum Unity M1E. The issue is an Authentication Bypass by Spoofing enabling a Man-In-The-Middle attack during a controller–engineering workstation session, due to DH-based vulnerability that does not protect against MITM. Consequ...

7.7CVSS7AI score0.00483EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/13 4:10 a.m.8 views

CVE-2024-8935

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...

7.7CVSS6.8AI score0.00483EPSS
Exploits0References1
Talos
Talos
added 2024/05/28 12:0 a.m.40 views

AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1936 AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24851 SUMMARY A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn...

7.5CVSS8AI score0.01423EPSS
Exploits1
NVD
NVD
added 2024/02/14 5:15 p.m.24 views

CVE-2023-27975

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...

7.1CVSS6.7AI score0.0015EPSS
Exploits0References1
Prion
Prion
added 2024/02/14 5:15 p.m.13 views

Design/Logic Flaw

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...

3.2CVSS6.9AI score0.0015EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.4 views

PT-2024-2809 · Schneider Electric · Ecostruxure Process Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert affected versions not specified EcoStruxure Process Expert affected versions not specified Description: A vulnerability exists that could cause unauthorized access to the project file when a local user tampers with...

7.1CVSS6.6AI score0.0015EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/07/28 3:41 p.m.26 views

CVE-2022-30316

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

8.3AI score0.00361EPSS
Exploits0References2
OSV
OSV
added 2022/04/13 4:15 p.m.3 views

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

7.8CVSS7.4AI score
Exploits0References1
NVD
NVD
added 2020/07/23 9:15 p.m.15 views

CVE-2020-7520

A CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Schneider Electric Software Update SESU, V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on...

4.7CVSS4.8AI score0.00931EPSS
Exploits0References1
Prion
Prion
added 2020/07/23 9:15 p.m.12 views

Open redirect

A CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Schneider Electric Software Update SESU, V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on...

4CVSS4.9AI score0.00931EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder