152 matches found
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
Schneider Electric EcoStruxure Operator Terminal Expert 数据伪造问题漏洞
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A data forgery vulnerability exists in Schneider Electric EcoStruxure Operator Termin...
CVE-2022-41669
Schneider Electric EcoStruxure Operator Terminal Expert and Pro-face BLUE are affected by CVE-2022-41669 due to improper verification of cryptographic signatures in the SGIUtility component. An attacker with local user privileges can load a malicious DLL, potentially executing arbitrary code on t...
CVE-2022-41670
CVE-2022-41670 describes a path traversal vulnerability in the SGIUtility component that could allow local-privilege attackers to load a malicious DLL and execute code. Affected: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior) and Pro-face BLUE (V3.3 Hotfix 1 or prior). Root cause: ...
CVE-2022-41666
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1 or prior, Pro-face...
CVE-2022-41667
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfi...
CVE-2022-41671
A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...
Schneider Electric EcoStruxure Operator Terminal Expert 路径遍历漏洞
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A path traversal vulnerability exists in Schneider Electric EcoStruxure Operator...
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
Schneider Electric EcoStruxure Operator Terminal Expert 路径遍历漏洞
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A path traversal vulnerability exists in Schneider Electric EcoStruxure Operator...
CVE-2022-41671
A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...
CVE-2022-41667
The CVE-2022-41667 path-traversal issue affects EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior) and Pro-face BLUE (V3.3 Hotfix 1 or prior). The root cause is improper limitation of a pathname to a restricted directory, allowing a user with local privileges to load a malicious DLL an...
CVE-2022-41668
CVE-2022-41668 describes a CWE-704 issue where an adversary with local user privileges can load a project file from an attacker-controlled network share, potentially causing execution of malicious code. Affected products are Schneider Electric EcoStruxure Operator Terminal Expert (versions before...
CVE-2022-41666
The CVE-2022-41666 issue stems from improper verification of cryptographic signatures (CWE-347), allowing a local-privilege attacker to load a malicious DLL in EcoStruxure Operator Terminal Expert and Pro-face BLUE. Affected versions: EcoStruxure Operator Terminal Expert 3.3 Hotfix 1 and earlier;...
CVE-2022-41671
CVE-2022-41671 corresponds to an SQL Injection (CWE-89) in Schneider Electric EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior) and Pro-face BLUE (V3.3 Hotfix 1 or prior). The vulnerability arises from improper neutralization of SQL commands, enabling local-privilege adversaries to cr...
PT-2022-6468 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions prior to V3.3 Hotfix 1 Pro-face BLUE versions prior to V3.3 Hotfix 1 Description: The issue is related to an improper verification of cryptographic signature in the SGIUtility component. This coul...
PT-2022-6502 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions prior to V3.3 Hotfix 1 Pro-face BLUE versions prior to V3.3 Hotfix 1 Description: The issue is related to incorrect project conversion, which can be exploited to execute malicious code. An adversa...
PT-2022-6533 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: A path traversal vulnerability exists in the SGIUtility component, allowing adversaries with local user privileges...
PT-2022-6532 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: A SQL Injection vulnerability exists, allowing adversaries with local user privileges to craft a malicious SQL que...
PT-2022-6534 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions 3.3 Hotfix 1 or prior Pro-face BLUE versions 3.3 Hotfix 1 or prior Description: A vulnerability exists that allows adversaries with local user privileges to load a malicious DLL, which could lead ...