Lucene search
K

152 matches found

Vulnrichment
Vulnrichment
added 2022/11/04 12:0 a.m.7 views

CVE-2022-41670

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...

7CVSS6.9AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.4 views

Schneider Electric EcoStruxure Operator Terminal Expert 数据伪造问题漏洞

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A data forgery vulnerability exists in Schneider Electric EcoStruxure Operator Termin...

7.8CVSS7.6AI score0.0011EPSS
Exploits0References2
CVE
CVE
added 2022/11/04 12:0 a.m.49 views

CVE-2022-41669

Schneider Electric EcoStruxure Operator Terminal Expert and Pro-face BLUE are affected by CVE-2022-41669 due to improper verification of cryptographic signatures in the SGIUtility component. An attacker with local user privileges can load a malicious DLL, potentially executing arbitrary code on t...

7.8CVSS7.4AI score0.0011EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/11/04 12:0 a.m.62 views

CVE-2022-41670

CVE-2022-41670 describes a path traversal vulnerability in the SGIUtility component that could allow local-privilege attackers to load a malicious DLL and execute code. Affected: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior) and Pro-face BLUE (V3.3 Hotfix 1 or prior). Root cause: ...

7.8CVSS7.4AI score0.00187EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/11/04 12:0 a.m.28 views

CVE-2022-41666

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1 or prior, Pro-face...

7CVSS7.8AI score0.00133EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/04 12:0 a.m.9 views

CVE-2022-41667

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfi...

7CVSS7.6AI score0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/04 12:0 a.m.8 views

CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...

7CVSS7.4AI score0.0025EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.3 views

Schneider Electric EcoStruxure Operator Terminal Expert 路径遍历漏洞

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A path traversal vulnerability exists in Schneider Electric EcoStruxure Operator...

7.8CVSS7.6AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/04 12:0 a.m.30 views

CVE-2022-41670

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...

7CVSS7.7AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.5 views

Schneider Electric EcoStruxure Operator Terminal Expert 路径遍历漏洞

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A path traversal vulnerability exists in Schneider Electric EcoStruxure Operator...

7.8CVSS7.6AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/04 12:0 a.m.44 views

CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...

7CVSS8.1AI score0.0025EPSS
Exploits0References1
CVE
CVE
added 2022/11/04 12:0 a.m.66 views

CVE-2022-41667

The CVE-2022-41667 path-traversal issue affects EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior) and Pro-face BLUE (V3.3 Hotfix 1 or prior). The root cause is improper limitation of a pathname to a restricted directory, allowing a user with local privileges to load a malicious DLL an...

7.8CVSS7.5AI score0.00215EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/11/04 12:0 a.m.61 views

CVE-2022-41668

CVE-2022-41668 describes a CWE-704 issue where an adversary with local user privileges can load a project file from an attacker-controlled network share, potentially causing execution of malicious code. Affected products are Schneider Electric EcoStruxure Operator Terminal Expert (versions before...

7.8CVSS7.5AI score0.00197EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/11/04 12:0 a.m.63 views

CVE-2022-41666

The CVE-2022-41666 issue stems from improper verification of cryptographic signatures (CWE-347), allowing a local-privilege attacker to load a malicious DLL in EcoStruxure Operator Terminal Expert and Pro-face BLUE. Affected versions: EcoStruxure Operator Terminal Expert 3.3 Hotfix 1 and earlier;...

7.8CVSS7.5AI score0.00133EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/11/04 12:0 a.m.72 views

CVE-2022-41671

CVE-2022-41671 corresponds to an SQL Injection (CWE-89) in Schneider Electric EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior) and Pro-face BLUE (V3.3 Hotfix 1 or prior). The vulnerability arises from improper neutralization of SQL commands, enabling local-privilege adversaries to cr...

7.8CVSS7.8AI score0.0025EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.8 views

PT-2022-6468 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions prior to V3.3 Hotfix 1 Pro-face BLUE versions prior to V3.3 Hotfix 1 Description: The issue is related to an improper verification of cryptographic signature in the SGIUtility component. This coul...

7.8CVSS7.4AI score0.0011EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.5 views

PT-2022-6502 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions prior to V3.3 Hotfix 1 Pro-face BLUE versions prior to V3.3 Hotfix 1 Description: The issue is related to incorrect project conversion, which can be exploited to execute malicious code. An adversa...

7.8CVSS7.6AI score0.00197EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.5 views

PT-2022-6533 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: A path traversal vulnerability exists in the SGIUtility component, allowing adversaries with local user privileges...

7.8CVSS7.4AI score0.00187EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.14 views

PT-2022-6532 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: A SQL Injection vulnerability exists, allowing adversaries with local user privileges to craft a malicious SQL que...

7.8CVSS7.7AI score0.0025EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.6 views

PT-2022-6534 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions 3.3 Hotfix 1 or prior Pro-face BLUE versions 3.3 Hotfix 1 or prior Description: A vulnerability exists that allows adversaries with local user privileges to load a malicious DLL, which could lead ...

7.8CVSS7.4AI score0.00133EPSS
Exploits0References6
Rows per page
Query Builder