35 matches found
EUVD-2022-15424
Malicious code in bioql PyPI...
EUVD-2022-27874
Malicious code in bioql PyPI...
EUVD-2022-27875
Malicious code in bioql PyPI...
EUVD-2022-51439
Malicious code in bioql PyPI...
The software for configuring, testing, and putting into operation the Schneider Electric EcoStruxure Power Commission system is vulnerable, allowing attackers to escalate their privileges.
The vulnerability of the software used for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to escalate their privileges...
CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
Authorization
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
Schneider Electric EcoStruxure Power Commission Authorization Issue Vulnerability
Schneider Electric EcoStruxure Power Commission is a comprehensive software from Schneider Electric France that provides powerful features for setting up, testing and commissioning low voltage distribution cabinets. An authorization issue vulnerability exists in Schneider Electric EcoStruxure Pow...
CVE-2022-4062
The CVE-2022-4062 issue affects Schneider Electric EcoStruxure Power Commission prior to V2.25. It is a CWE-285 improper authorization vulnerability that could allow unauthorized access to certain software functions when an attacker gains access to the localhost interface. Impact is described as ...
CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...
CVE-2022-22732
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources data supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission Versions pri...
CVE-2022-22731
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected...
CVE-2022-0223
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products:...
CVE-2022-22731
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected...
Path traversal
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products:...
Design/Logic Flaw
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources data supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission Versions pri...
Path traversal
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected...
CVE-2022-22731
The CVE-2022-22731 entry describes a Path Traversal vulnerability in EcoStruxure Power Commission prior to v2.22. The root cause is an improper limitation of a pathname to a restricted directory, enabling an attacker to create or overwrite critical files used to execute code. Affected product: Ec...