Lucene search
K

268 matches found

CVE
CVE
added 2022/02/09 10:5 p.m.70 views

CVE-2022-24317

Schneider Electric IGSS Data Server (v15.0.0.22020 and earlier) contains a Missing Authorization vulnerability (CWE-862) that could expose information when a specially crafted message is sent. Multiple sources (CVE records, Red Hat advisory RH:CVE-2022-24317, ZDI-22-324, CNVD-2022-13072, ICSA-22-...

7.5CVSS7.3AI score0.01188EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/09 10:5 p.m.21 views

CVE-2022-24317

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.5AI score0.01188EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/09 10:5 p.m.25 views

CVE-2022-24316

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.5AI score0.01253EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/09 10:5 p.m.23 views

CVE-2022-24315

A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

7.6AI score0.19255EPSS
Exploits0References2
CVE
CVE
added 2022/02/09 10:5 p.m.61 views

CVE-2022-24314

Schneider Electric IGSS Data Server (Interactive Graphical SCADA System Data Server) affected: v15.0.0.22020 and prior. CVE-2022-24314 is a CWE-125 Out-of-bounds Read vulnerability that can cause memory leaks and potentially denials of service when an attacker sends specially crafted messages. Th...

7.5CVSS7.3AI score0.18178EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/09 10:4 p.m.21 views

CVE-2022-24312

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a...

9.9AI score0.03245EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/09 10:4 p.m.25 views

CVE-2022-24311

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends...

9.8AI score0.03284EPSS
Exploits0References2
CVE
CVE
added 2022/02/09 10:4 p.m.102 views

CVE-2022-24310

CVE-2022-24310 affects Schneider Electric IGSS Data Server (v15.0.0.22020 and prior). Root cause: CWE-190 integer overflow/wraparound that can cause a heap-based buffer overflow, enabling denial of service and potentially remote code execution when processing multiple specially crafted messages. ...

9.8CVSS9.6AI score0.02144EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.3 views

Schneider Electric Interactive Graphical SCADA System 安全漏洞

Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. The Schneider Electric Interactive Graphical SCADA System suffers from a buffer overflow...

9.8CVSS6.6AI score0.44559EPSS
Exploits0References7
CNVD
CNVD
added 2021/12/23 12:0 a.m.15 views

mySCADA myPRO OS Command Injection Vulnerability (CNVD-2021-102827)

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

10CVSS9.9AI score0.01218EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/23 12:0 a.m.22 views

mySCADA myPRO Operating System Command Injection Vulnerability

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands...

10CVSS9.8AI score0.01421EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.3 views

mySCADA myPRO 操作系统命令注入漏洞

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

10CVSS6AI score0.01218EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.7 views

mySCADA myPRO 安全漏洞

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An authentication bypass vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to access the application without any form of authentication or authorization...

9.8CVSS5.7AI score0.01549EPSS
Exploits0References4
ICS
ICS
added 2021/12/16 12:0 a.m.57 views

Xylem AquaView

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Xylem, Inc. Equipment: AquaView Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local attacker to create users, delete users,...

9.3CVSS8.9AI score0.00211EPSS
Exploits0References4
CNVD
CNVD
added 2021/12/04 12:0 a.m.20 views

Distributed Data Systems WebHmi Authorization Issues Vulnerability

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. Distributed Data Systems WebHmi...

9.8CVSS9.5AI score0.01392EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/04 12:0 a.m.30 views

Distributed Data Systems WebHMI File Upload Vulnerability

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. A file upload vulnerability...

10CVSS9.5AI score0.35804EPSS
Exploits5References1
CNNVD
CNNVD
added 2021/12/02 12:0 a.m.20 views

Distributed Data Systems WebHmi 代码问题漏洞

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. A file upload vulnerability...

10CVSS6.5AI score0.35804EPSS
Exploits5References9
CNVD
CNVD
added 2021/06/19 12:0 a.m.18 views

Logic flaw vulnerability in Tianxin SCADA system of Tianxin Instrumentation Group Co.

TIANXIN Instrumentation Group Limited is a professional service provider of flow meters and gas application system solutions in China. A logic flaw vulnerability exists in the TIANXIN SCADA system of TIANXIN Instrumentation Group Limited, which can be exploited by attackers to obtain sensitive...

6.7AI score
Exploits0
CNVD
CNVD
added 2021/06/09 12:0 a.m.9 views

Interactive Graphical SCADA System (IGSS) out-of-bounds write vulnerability (CNVD-2021-42158)

The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds write vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...

7.8CVSS7.2AI score0.00855EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/09 12:0 a.m.4 views

Interactive Graphical SCADA System (IGSS) out-of-bounds read vulnerability (CNVD-2021-42153)

The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds read vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...

7.8CVSS7.2AI score0.01265EPSS
Exploits0References1
Rows per page
Query Builder