CVE-2021-32995

Cscape All Versions prior to 9.90 SP5 lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-32975

Cscape All Versions prior to 9.90 SP5 lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process...

CVE-2021-33015

Cscape All Versions prior to 9.90 SP5 lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process...

Horner Automation Cscape 缓冲区错误漏洞

Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation. A buffer error vulnerability exists in Horner Automation Cscape, which arises when the product does not validate the validity of a pointer when parsing a project file, and...

Horner Automation Cscape 缓冲区错误漏洞

Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation. Horner Automation Cscape suffers from a buffer error vulnerability that stems from a lack of proper validation of user-supplied data by the affected application when parsi...

Out-of-bounds

FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution...

FATEK Automation FvDesigner Buffer Overflow Vulnerability

FATEK Automation FvDesigner is a human-computer interaction device from FATEK Automation. A buffer overflow vulnerability exists in FATEK Automation FvDesigner versions 1.5.88 and earlier, which can be exploited by an attacker to create a special project file that allows arbitrary code execution...

FATEK Automation FvDesigner 缓冲区错误漏洞

FATEK Automation FvDesigner is a human-computer interaction device from FATEK Automation. A buffer overflow vulnerability exists in FATEK Automation FvDesigner versions 1.5.88 and earlier, which can be exploited by an attacker to create a special project file that allows arbitrary code execution...

CVE-2021-22777

A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file...

CVE-2021-22777

A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file...

CVE-2021-22777

A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file...

SoSafe Configurable 代码问题漏洞

SoSafe Configurable is a software application from Schneider-electric, France. A configuration software. A code issue vulnerability exists in SoSafe Configurable that stems from code execution that could result from opening a malicious project file...

CVE-2021-22782

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22781

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

Information disclosure

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

Design/Logic Flaw

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22782

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22781

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22778

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

Schneider Electric Modicon Controllers and Software (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, SCADAPack x70 RTUs, and Modicon M580 and M340 control products Vulnerabilities :...