105 matches found
CVE-2020-7532
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator V1.2.0 and prior which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer...
CVE-2020-7529
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Transversal' vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file...
CVE-2020-7530
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...
CVE-2020-7528
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer...
CVE-2020-7531
A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user...
CVE-2020-7530
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...
CVE-2020-7529
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Transversal' vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file...
CVE-2020-7528
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer...
CVE-2020-7531
A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user...
CVE-2020-7532
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator V1.2.0 and prior which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer...
Deserialization of untrusted data
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer...
Improper access control
A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user...
Path traversal
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Transversal' vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file...
CVE-2020-7532
The CVE-2020-7532 issue affects SCADAPack x70 Security Administrator (V1.2.0 and prior). It is a CWE-502 Deserialization of Untrusted Data flaw where an attacker can craft a malicious .SDB file containing a serialized buffer, enabling arbitrary code execution. The Red Hat advisory corroborates th...
CVE-2020-7532
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator V1.2.0 and prior which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer...
CVE-2020-7531
A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user...
CVE-2020-7531
CVE-2020-7531 affects SCADAPack 7x Remote Connect (v3.6.3.574 and earlier). The vulnerability is CWE-284 Improper Access Control: an attacker can place executables in a specific folder and have them executed when RemoteConnect runs. No explicit remediation or fix version is provided in the connec...
CVE-2020-7530
CVE-2020-7530 affects SCADAPack 7x Remote Connect ≤ 3.6.3.574, with a CWE-285 improper authorization flaw that enables access to executable code folders. Root cause: insufficient/authentication weakness in the authorization mechanism. Consequence: potential unauthorized access to folders containi...
CVE-2020-7530
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...
CVE-2020-7529
SCADAPack 7x Remote Connect (versions up to 3.6.3.574) contains a path traversal vulnerability (CWE-22) that lets an attacker craft an RCZ file to place content in any unprotected directory on the target system. Root cause: improper pathname handling allowing access outside a restricted directory...