CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

105 matches found

CNNVD•added 2022/03/31 12:0 a.m.•2 views

Schneider Electric SCADAPack 代码问题漏洞

The Schneider Electric SCADAPack is an intelligent field controller from Schneider Electric that combines the monitoring and communication capabilities of a Remote Terminal Unit RTU with the processing and data logging capabilities of a Programmable Logic Controller PLC to provide superior...

5.5CVSS6.1AI score0.00941EPSS

Exploits0References6

ICS•added 2022/03/31 12:0 a.m.•43 views

Schneider Electric SCADAPack Workbench

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: SCADAPack Workbench Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result from exfiltration of data...

5.5CVSS5.5AI score0.00941EPSS

Exploits0References5

CVE•added 2022/03/28 4:25 p.m.•62 views

CVE-2022-0221

CVE-2022-0221 describes an XML External Entity (XXE) vulnerability in Schneider Electric SCADAPack Workbench (versions up to 6.6.8a). The flaw arises when opening a malicious solution file, allowing information disclosure by passing data from local files to a remote attacker-controlled system. Ex...

5.5CVSS5.2AI score0.00941EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/03/28 4:25 p.m.•25 views

CVE-2022-0221

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system...

5.5CVSS5.5AI score0.00941EPSS

Exploits0References1

CVE•added 2022/03/28 4:25 p.m.•77 views

CVE-2021-22797

CVE-2021-22797 is a CWE-22 path traversal vulnerability in Schneider Electric EcoStruxure Control Expert (incl. Unity Pro), EcoStruxure Process Expert, and SCADAPack RemoteConnect for x70. The root cause is improper validation of a user-supplied path when loading a malicious project file, which c...

9.3CVSS7.7AI score0.261EPSS

Exploits0References1Affected Software2

Cvelist•added 2022/03/28 4:25 p.m.•26 views

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

7.8CVSS8AI score0.261EPSS

Exploits0References1

Tenable Nessus•added 2022/02/07 12:0 a.m.•767 views

Schneider Electric Modicon Controllers and Software Authentication Bypass By Spoofing (CVE-2021-22779)

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...

9.1CVSS8.7AI score0.01014EPSS

Exploits0References3

OSV•added 2022/01/28 8:15 p.m.•1 views

CVE-2021-22816

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334...

7.5CVSS5.8AI score0.00932EPSS

Exploits0References1

NVD•added 2022/01/28 8:15 p.m.•7 views

CVE-2021-22816

7.8CVSS0.00932EPSS

Exploits0References1

Prion•added 2022/01/28 8:15 p.m.•9 views

Design/Logic Flaw

7.8CVSS7.5AI score0.00932EPSS

Exploits0References1Affected Software9

CVE•added 2022/01/28 7:9 p.m.•52 views

CVE-2021-22816

The CVE-2021-22816 issue affects Schneider Electric SCADAPack RTUs (models 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E, 357E) running firmware 8.18.1 and earlier. The root cause is an improper check for unusual or exceptional conditions (CWE-754) that can lead to a Denial of Service when the R...

7.8CVSS7.5AI score0.00932EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/01/28 7:9 p.m.•12 views

CVE-2021-22816

7.7AI score0.00932EPSS

Exploits0References1

CNNVD•added 2022/01/28 12:0 a.m.•1 views

SCADAPack 代码问题漏洞

SCADAPack is a Schneider-electric intelligent field controller that combines the monitoring and communication capabilities of a Remote Terminal Unit RTU with the processing and data logging capabilities of a Programmable Logic Controller PLC to provide superior functionality for remote processes...

7.8CVSS7.5AI score0.00932EPSS

Exploits0References2

OSV•added 2021/07/14 3:15 p.m.•3 views

CVE-2021-22782

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

5.5CVSS6.1AI score

Exploits0References1

OSV•added 2021/07/14 3:15 p.m.•2 views

CVE-2021-22781

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

5.5CVSS6.1AI score0.00236EPSS

Exploits0References1

NVD•added 2021/07/14 3:15 p.m.•21 views

CVE-2021-22778

7.1CVSS0.00216EPSS

Exploits0References1

NVD•added 2021/07/14 3:15 p.m.•16 views

CVE-2021-22780

7.1CVSS0.00217EPSS

Exploits0References1

NVD•added 2021/07/14 3:15 p.m.•16 views

CVE-2021-22781