47 matches found
EUVD-2022-29219
Malicious code in bioql PyPI...
EUVD-2022-29216
Malicious code in bioql PyPI...
CVE-2023-22611
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 formerly known as...
CVE-2022-24321
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo...
CVE-2022-24320
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure G...
CVE-2020-28219
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1 and EcoStruxure Geo SCADA Expert 2020 Original release and Monthly Updates to September 2020, from 83.7551....
CVE-2019-6854
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...
Schneider Electric EcoStruxure Geo SCADA Expert Multiple Vulnerabilities (SEVD-2023-010-02)
Binary data schneiderelectricecostruxuregeoscadaexpertsevd-2023-010-02.nbin...
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
Input validation
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
CVE-2023-22611
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 formerly known as...
CVE-2023-22611
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 formerly known as...
CVE-2023-22611
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 formerly known as...
EcoStruxure Geo SCADA Expert 信息泄露漏洞
EcoStruxure Geo SCADA Expert is an integrated, scalable, and reliable monitoring and data acquisition SCADA software. An information disclosure vulnerability exists in EcoStruxure Geo SCADA Expert version 2019, version 2020, October 2021 to 2022, ClearSCADA that originates from exposing sensitive...
CVE-2023-22611
CVE-2023-22611 describes an information disclosure vulnerability (CWE-200) in EcoStruxure Geo SCADA Expert 2019–2021 (formerly ClearSCADA) where sensitive data could be exposed via specific messages sent to the database server TCP port. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) yi...
PT-2023-1019 · Schneider Electric · Ecostruxure Geo Scada Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Geo SCADA Expert versions 2019 through 2021 prior to October 2022 ClearSCADA versions prior to the fixed version Description: A vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific...
CVE-2022-24320
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure G...
CVE-2022-24321
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo...