35 matches found
EUVD-2022-51439
Malicious code in bioql PyPI...
EUVD-2022-27874
Malicious code in bioql PyPI...
EUVD-2022-27875
Malicious code in bioql PyPI...
EUVD-2022-15424
Malicious code in bioql PyPI...
The software for configuring, testing, and putting into operation the Schneider Electric EcoStruxure Power Commission system is vulnerable, allowing attackers to increase their privileges.
The vulnerability of the software used for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to enhance their privileges...
CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
Authorization
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
CVE-2022-4062
The CVE-2022-4062 issue affects Schneider Electric EcoStruxure Power Commission prior to V2.25. It is a CWE-285 improper authorization vulnerability that could allow unauthorized access to certain software functions when an attacker gains access to the localhost interface. Impact is described as ...
Schneider Electric EcoStruxure Power Commission 授权问题漏洞
Schneider Electric EcoStruxure Power Commission is a comprehensive software from Schneider Electric France that provides powerful features for setting up, testing and commissioning low voltage distribution cabinets. An authorization issue vulnerability exists in Schneider Electric EcoStruxure Pow...
CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
CVE-2022-22731
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected...
CVE-2022-22731
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected...
CVE-2022-22732
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources data supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission Versions pri...
CVE-2022-0223
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products:...
Path traversal
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products:...
Path traversal
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected...
Design/Logic Flaw
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources data supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission Versions pri...
CVE-2022-0223
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products:...