Lucene search
K

152 matches found

Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.6 views

PT-2022-6534 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions 3.3 Hotfix 1 or prior Pro-face BLUE versions 3.3 Hotfix 1 or prior Description: A vulnerability exists that allows adversaries with local user privileges to load a malicious DLL, which could lead ...

7.8CVSS7.4AI score0.00133EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.2 views

PT-2022-4770 · Schneider Electric +1 · Ecostruxure Machine Scada Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Machine SCADA Expert affected versions not specified Pro-face BLUE Open Studio affected versions not specified Description: The issue is related to the restoration of invalid data in memory, which could allow an attacker to execut...

7.2CVSS7.5AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/08/30 12:0 a.m.5 views

The vulnerability of the Ethernet Download function in Schneider Electric’s HMI terminal configuration software, EcoStruxure Operator Terminal Expert, and the SCADA software Pro-face BLUE, related to insufficient validation of input data, allows a perpetrator to execute arbitrary codes.

The vulnerability of the Ethernet Download function in Schneider Electric’s HMI terminal configuration software, EcoStruxure Operator Terminal Expert, and the SCADA software Pro-face BLUE is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote...

10CVSS8.1AI score0.01848EPSS
Exploits0References2
OSV
OSV
added 2021/01/26 6:15 p.m.4 views

CVE-2020-28221

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE version details in the notification that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI...

9.8CVSS7.8AI score0.01848EPSS
Exploits0References1
NVD
NVD
added 2021/01/26 6:15 p.m.18 views

CVE-2020-28221

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE version details in the notification that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI...

9.8CVSS9.7AI score0.01848EPSS
Exploits0References1
Prion
Prion
added 2021/01/26 6:15 p.m.18 views

Input validation

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE version details in the notification that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI...

9.3CVSS9.6AI score0.01848EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/01/25 5:8 p.m.22 views

CVE-2020-28221

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE version details in the notification that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI...

9.7AI score0.01848EPSS
Exploits0References1
CVE
CVE
added 2021/01/25 5:8 p.m.42 views

CVE-2020-28221

CVE-2020-28221 is an improper input validation (CWE-20) vulnerability in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE. The issue could allow arbitrary code execution when the Ethernet Download feature is enabled on the HMI. The provided sources identify the affected products but do not...

9.8CVSS9.5AI score0.01848EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/01/18 12:0 a.m.6 views

The vulnerability of the software used for creating Pro-Face GP-Pro EX automation projects, due to insufficient validation of input data, allows a perpetrator to execute any executable file upon running GP-Pro EX.

The vulnerability of the software used for creating Pro-Face GP-Pro EX automation projects is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute any executable file upon running GP-Pro EX...

9CVSS7.8AI score0.02196EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2019/01/03 12:0 a.m.59 views

Schneider Electric Pro-face GP-Pro EX

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify code to...

8.8CVSS8.9AI score0.02196EPSS
Exploits0References6
OSV
OSV
added 2018/12/24 4:29 p.m.3 views

CVE-2018-7832

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched...

8.8CVSS6AI score0.02196EPSS
Exploits0References3
Prion
Prion
added 2018/12/24 4:29 p.m.14 views

Input validation

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched...

6.5CVSS8.7AI score0.02196EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/12/24 4:29 p.m.23 views

CVE-2018-7832

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched...

8.8CVSS8.8AI score0.02196EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/12/24 4:0 p.m.24 views

CVE-2018-7832

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched...

8.8AI score0.02196EPSS
Exploits0References3
CVE
CVE
added 2018/12/24 4:0 p.m.57 views

CVE-2018-7832

CVE-2018-7832 affects Pro-face GP-Pro EX, specifically Version 4.08 and earlier. The vulnerability stems from improper input validation, which could allow launching an arbitrary executable when GP-Pro EX is started. The ICS advisory confirms the affected product and version range and notes the ve...

8.8CVSS8.7AI score0.02196EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/09/26 1:29 a.m.18 views

CVE-2017-9961

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL...

7.8CVSS7.8AI score0.00378EPSS
Exploits0References2
OSV
OSV
added 2017/09/26 1:29 a.m.4 views

CVE-2017-9961

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL...

7.8CVSS6.1AI score0.00378EPSS
Exploits0References2
Prion
Prion
added 2017/09/26 1:29 a.m.12 views

Code injection

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL...

4.6CVSS7.8AI score0.00378EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/09/25 7:0 p.m.43 views

CVE-2017-9961

Schneider Electric Pro-face GP-Pro EX (software) version 4.07.000 is affected by CVE-2017-9961: an Uncontrolled Search Path Element vulnerability (CWE-427) that can force a process to load an arbitrary DLL and execute code in the current process context. Exploitation is local (not remote) and req...

7.8CVSS7.8AI score0.00378EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/09/25 7:0 p.m.20 views

CVE-2017-9961

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL...

7.8AI score0.00378EPSS
Exploits0References2
Rows per page
Query Builder