201 matches found
EUVD-2021-9849
Malicious code in bioql PyPI...
CVE-2021-22765
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 Versions 3.0.0 and newer and PowerLogic EGX300 All Versions that could cause denial of service or remote code execution via a specially crafted HTTP packet...
Schneider Electric Power Logic Authorization Bypass Through User-Controlled Key (CVE-2024-10497)
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges Elevation of Privileges when the attacker sends modified HTTPS requests to the device. This plugin only works with...
Schneider Electric Power Logic Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2024-10498)
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow an unauthorized attacker to modify configuration values outside of the normal range when the attacker sends specific Modbus write packets to the device which could result in...
The vulnerability of the microprogrammed software of the multi-circuit electrical voltage measuring instrument PowerLogic HDPM6000, related to the output operation exceeding the buffer boundaries in memory, allows a hacker to exploit their privileges.
The vulnerability of the microprogrammed software of the multi-circuit electrical voltage measuring instrument PowerLogic HDPM6000 lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to enhance their privileges by...
The vulnerability of the microprogrammed software of the multi-environmental electrical voltage measuring instrument PowerLogic HDPM6000, related to bypassing authentication by using a user-controlled key, allows intruders to escalate their privileges.
The vulnerability of the microprogrammed software of the multi-environmental electrical voltage measuring instrument PowerLogic HDPM6000 lies in the ability to bypass authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to enhance their privileges by...
The vulnerability of the microprogrammed software of the multi-environmental electrical voltage measuring instrument PowerLogic HDPM6000 lies in the lack of checks for the integrity of messages during transmission over communication channels. This allows attackers to exploit their privileges.
The vulnerability of the Pro-Face GP-Pro EX automation project creation software and the Pro-face Remote HMI remote monitoring software lies in the lack of checks for the integrity of messages during transmission over communication channels. Exploiting this vulnerability allows a malicious actor ...
Schneider Electric PowerLogic HDPM6000 缓冲区错误漏洞
The Schneider Electric PowerLogic HDPM6000 is a high density metering system from Schneider Electric France. A buffer error vulnerability exists in the Schneider Electric PowerLogic HDPM6000, which stems from the inclusion of a memory buffer in-bounds operationally unrestricted vulnerability that...
Schneider Electric PowerLogic HDPM6000 安全漏洞
The Schneider Electric PowerLogic HDPM6000 is a high-density metering system from Schneider Electric France. A security vulnerability exists in the Schneider Electric PowerLogic HDPM6000 that stems from the inclusion of an authorization bypass via user control key vulnerability that could allow a...
The vulnerability of the microprogrammed software of Schneider Electric PowerLogic PM5320, PM5340, and PM5341 lies in their uncontrollable resource consumption, which allows a intruder to trigger a service failure.
The vulnerability of the microprogramming software for Schneider Electric’s PowerLogic PM5320, PM5340, and PM5341 lies in the uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending specially crafted IGMP packets...
Schneider Electric PowerLogic PM5300 Series Uncontrolled Resource Consumption (CVE-2024-9409)
CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. This plugin only works with Tenable.ot. Please visit...
Schneider Electric多款产品 资源管理错误漏洞
The Schneider Electric PowerLogic PM5320, among others, is a power and energy meter from Schneider Electric France. A resource management error vulnerability exists in various Schneider Electric products that stems from the presence of uncontrolled resource consumption, which could result in an...
PT-2024-10218 · Schneider Electric · Schneider Electric Powerlogic Hdpm6000
Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic HDPM6000 version 0.62.7 Description: The issue is related to an authorization bypass vulnerability that could allow an authorized attacker to modify values outside those defined by their privileges, potentially...
PT-2024-9992 · Schneider Electric · Powerlogic
Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic versions PM5320, PM5340, and PM5341 Description: An Uncontrolled Resource Consumption issue exists, potentially causing devices to become unresponsive and resulting in communication loss when a large amount of IG...
The vulnerability of the microprogramming software of Schneider Electric PowerLogic P5 relay protection devices, related to the use of cryptographic algorithms with defects, allows a intruder to cause malfunctions during maintenance, restart the device, or gain full control over the device.
The vulnerability of the microprogramming software of Schneider Electric PowerLogic P5 relay protection devices for electrical networks relates to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow attackers to cause malfunctions in the devic...
Schneider Electric PowerLogic Security Vulnerability
Schneider Electric PowerLogic is an industrial control device from Schneider Electric, a French company. Provides increased power factor to improve power quality and troubleshoot power failures to protect networks, devices, and operators. A security vulnerability exists in Schneider Electric...
Schneider Electric PowerLogic ION8650,ION8800 Download of Code Without Integrity Check (CVE-2023-5984)
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device. This plugin only works with Tenable.ot. Please visit...
Schneider Electric PowerLogic ION8650,ION8800 Cross-site Scripting (CVE-2023-5985)
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user's browser when an attacker with admin privileges has modified system values. This plugin only works with Tenable.ot. Please visit...
The vulnerability of Microprogrammed Software for Power Measurement and Energy Meters from Schneider Electric’s PowerLogic ION8650 and PowerLogic ION8800 arises from loading code without verifying its integrity. This allows a malicious actor to alter the firmware version with administrator privileges.
The vulnerability of Microprogrammed Software for Power Measurement Devices and Energy Meters from Schneider Electric’s PowerLogic ION8650 and PowerLogic ION8800 lies in the fact that code can be loaded without checking its integrity. Exploiting this vulnerability could allow an attacker to...
The vulnerability of Microprogrammed Software for Power Measurement and Energy Meters from Schneider Electric’s PowerLogic ION8650 and PowerLogic ION8800 stems from insufficient measures taken to protect the website structure. This allows attackers to perform cross-site scripting attacks.
The vulnerability of Microprogrammed Software for Power Measurement and Energy Meters from Schneider Electric’s PowerLogic ION8650 and PowerLogic ION8800 is related to the lack of protective measures for website structures. Exploiting this vulnerability could allow attackers to perform cross-site...