268 matches found
CVE-2022-24317
Schneider Electric IGSS Data Server (v15.0.0.22020 and earlier) contains a Missing Authorization vulnerability (CWE-862) that could expose information when a specially crafted message is sent. Multiple sources (CVE records, Red Hat advisory RH:CVE-2022-24317, ZDI-22-324, CNVD-2022-13072, ICSA-22-...
CVE-2022-24317
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...
CVE-2022-24316
A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...
CVE-2022-24315
A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...
CVE-2022-24314
Schneider Electric IGSS Data Server (Interactive Graphical SCADA System Data Server) affected: v15.0.0.22020 and prior. CVE-2022-24314 is a CWE-125 Out-of-bounds Read vulnerability that can cause memory leaks and potentially denials of service when an attacker sends specially crafted messages. Th...
CVE-2022-24312
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a...
CVE-2022-24311
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends...
CVE-2022-24310
CVE-2022-24310 affects Schneider Electric IGSS Data Server (v15.0.0.22020 and prior). Root cause: CWE-190 integer overflow/wraparound that can cause a heap-based buffer overflow, enabling denial of service and potentially remote code execution when processing multiple specially crafted messages. ...
Schneider Electric Interactive Graphical SCADA System 安全漏洞
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. The Schneider Electric Interactive Graphical SCADA System suffers from a buffer overflow...
mySCADA myPRO OS Command Injection Vulnerability (CNVD-2021-102827)
mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...
mySCADA myPRO Operating System Command Injection Vulnerability
mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands...
mySCADA myPRO 操作系统命令注入漏洞
mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...
mySCADA myPRO 安全漏洞
mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An authentication bypass vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to access the application without any form of authentication or authorization...
Xylem AquaView
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Xylem, Inc. Equipment: AquaView Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local attacker to create users, delete users,...
Distributed Data Systems WebHmi Authorization Issues Vulnerability
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. Distributed Data Systems WebHmi...
Distributed Data Systems WebHMI File Upload Vulnerability
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. A file upload vulnerability...
Distributed Data Systems WebHmi 代码问题漏洞
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. A file upload vulnerability...
Logic flaw vulnerability in Tianxin SCADA system of Tianxin Instrumentation Group Co.
TIANXIN Instrumentation Group Limited is a professional service provider of flow meters and gas application system solutions in China. A logic flaw vulnerability exists in the TIANXIN SCADA system of TIANXIN Instrumentation Group Limited, which can be exploited by attackers to obtain sensitive...
Interactive Graphical SCADA System (IGSS) out-of-bounds write vulnerability (CNVD-2021-42158)
The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds write vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...
Interactive Graphical SCADA System (IGSS) out-of-bounds read vulnerability (CNVD-2021-42153)
The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds read vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...