12 matches found
EUVD-2020-28604
Malware in sbrugna...
EUVD-2023-54371
Malicious code in bioql PyPI...
CVE-2023-4516
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content...
CVE-2023-4516
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content...
CVE-2023-4516
Schneider Electric IGSS Update Service (v16.0.0.23211 and earlier) is affected by CVE-2023-4516: a CWE-306 missing authentication for a critical function vulnerability that lets a local attacker change the update source, potentially enabling remote code execution when a malicious update is applie...
CVE-2023-4516
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content...
Schneider Electric Interactive Graphical SCADA System Access Control Error Vulnerability
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An access control error vulnerability exists in Schneider Electric IGSS Interactive Graphical...
CVE-2020-7479
A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS Versions 14 and prior using the service: IGSSupdate, which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service...
CVE-2020-7479
A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS Versions 14 and prior using the service: IGSSupdate, which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service...
CVE-2020-7478
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS Versions 14 and prior using the service: IGSSupdate, which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update...
Design/Logic Flaw
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS Versions 14 and prior using the service: IGSSupdate, which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update...