Lucene search
K

44 matches found

Tenable Nessus
Tenable Nessus
added 2023/03/01 12:0 a.m.36 views

Wago PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...

7.5CVSS7.3AI score0.03671EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/03/01 12:0 a.m.18 views

Schneider Electric Modicon M221 Programmable Logic Controller Inadequate Encryption Strength (CVE-2020-7565)

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. This plugin on...

7.3CVSS7.3AI score0.0029EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/02/13 12:0 a.m.7 views

The vulnerability of the SoMachine and EcoStruxure Machine Expert programming devices lies in the lack of protection for operational data, which allows attackers to disclose the protected information.

The vulnerability of the SoMachine and EcoStruxure Machine Expert logic controller programs lies in the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to disclose sensitive information by sending certain messages to the server’s TCP port through th...

7.8CVSS7.1AI score0.00422EPSS
Exploits0References2
OSV
OSV
added 2023/01/30 11:15 a.m.5 views

CVE-2022-2988

A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...

7.5CVSS5.8AI score0.00422EPSS
Exploits0References1
NVD
NVD
added 2023/01/30 11:15 a.m.13 views

CVE-2022-2988

A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...

7.5CVSS5.1AI score0.00422EPSS
Exploits0References1
Prion
Prion
added 2023/01/30 11:15 a.m.14 views

Out-of-bounds

A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...

5CVSS7.2AI score0.00422EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/01/30 12:0 a.m.7 views

CVE-2022-2988

A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...

4.3CVSS6.3AI score0.00422EPSS
Exploits0References1
CVE
CVE
added 2023/01/30 12:0 a.m.49 views

CVE-2022-2988

The CVE-2022-2988 entry concerns a CWE-787 Out-of-bounds Write vulnerability in Schneider Electric SoMachine HVAC and EcoStruxure Machine Expert – HVAC. Affects SoMachine HVAC prior to V2.1.0 and EcoStruxure Machine Expert – HVAC prior to V1.4.0. Root cause/impact: when a malicious web page is ac...

7.5CVSS7.2AI score0.00422EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/01/30 12:0 a.m.12 views

CVE-2022-2988

A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...

4.3CVSS7.5AI score0.00422EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.23 views

Phoenix Contact PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...

7.5AI score0.03671EPSS
Exploits0References3
ICS
ICS
added 2021/12/02 12:0 a.m.44 views

Schneider Electric SESU

1. EXECUTIVE SUMMARY CVSS v3 3.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Schneider Electric Software Update SESU Vulnerability: Insufficient Entropy 2. RISK EVALUATION Successful exploitation of this vulnerability could cause unintended connection from an internal...

3.8CVSS4.8AI score0.00237EPSS
Exploits0References4
OSV
OSV
added 2021/09/02 5:15 p.m.6 views

CVE-2021-22704

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer all versions prior to V6.2 SP11 , Vijeo Designer Basic all versions prior to V1.2, or EcoStruxure Machine Expert all versions prior to V2.0 that could...

9.1CVSS5.8AI score0.01282EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/02 12:0 a.m.7 views

多款 Schneider Electric 产品路径遍历漏洞

Schneider Electric EcoStruxure Machine Expert-Basic and others are products of Schneider Electric, France.Schneider Electric EcoStruxure Machine Expert-Basic is a PLC configuration application. Schneider Electric EcoStruxure Machine Expert-Basic is a PLC configuration application program.Schneide...

9.1CVSS8.3AI score0.01282EPSS
Exploits0References1
NVD
NVD
added 2021/05/26 8:15 p.m.15 views

CVE-2021-22705

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert...

7.8CVSS0.00246EPSS
Exploits0References1
OSV
OSV
added 2021/05/26 8:15 p.m.5 views

CVE-2021-22705

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert...

7.8CVSS7.1AI score0.00246EPSS
Exploits0References1
Prion
Prion
added 2021/05/26 8:15 p.m.13 views

Design/Logic Flaw

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert...

4.6CVSS7.4AI score0.00246EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/05/26 7:19 p.m.65 views

CVE-2021-22705

CVE-2021-22705 describes an Improper Restriction of Operations within the Bounds of a Memory Buffer that could allow denial of service or unauthorized access to system information when interacting with a driver installed by Schneider Electric’s Vijeo Designer or EcoStruxure Machine Expert. The co...

7.8CVSS7.3AI score0.00246EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/05/26 7:19 p.m.27 views

CVE-2021-22705

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert...

7.6AI score0.00246EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/11/12 4:52 p.m.20 views

Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks

Two security vulnerabilities in Schneider Electric’s programmable logic controllers PLCs could allow attackers to compromise a PLC and move on to more sophisticated critical infrastructure attacks. PLCs are key pieces of equipment in environments such as electric utilities and factories. They...

0.4AI score
Exploits0References11
CNVD
CNVD
added 2020/04/23 12:0 a.m.4 views

Schneider Electric EcoStruxure Machine Expert-Basic or SoMachine Basic Injection Vulnerability

Schneider Electric EcoStruxure Machine Expert-Basic and SoMachine Basic are both products of Schneider Electric, France.Schneider Electric EcoStruxure Machine Expert-Basic is a PLC configuration application. The program is mainly used for programmable logic controller configuration, programming a...

9.8CVSS7.5AI score0.01544EPSS
Exploits0References1
Rows per page
Query Builder