53 matches found

OSV
added 2018/07/03 2:29 p.m. | 1 views

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

7.5 CVSS | 5.9 AI score
Exploits 0 | References 1

Prion
added 2018/07/03 2:29 p.m. | 15 views

Xxe

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

5 CVSS | 7.4 AI score | 0.00291 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2018/07/03 2:0 p.m. | 11 views

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

7.5 AI score | 0.00291 EPSS
Exploits 0 | References 1

CVE
added 2018/07/03 2:0 p.m. | 42 views

CVE-2018-7783

CVE-2018-7783 affects Schneider Electric SoMachine Basic prior to v1.6 SP1. The vulnerability is an XML External Entity (XXE) flaw triggered by unsanitized input to the XML parser, enabling disclosure/retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. Affected produ...

7.5 CVSS | 7.4 AI score | 0.00291 EPSS
Exploits 0 | References 1 | Affected Software 1

ThreatPost
added 2018/05/23 7:28 p.m. | 20 views

Schneider Electric Patches XML Vulnerability In Software

Schneider Electric on Tuesday issued fixes for a vulnerability in its SoMachine Basic software, which could result in the disclosure and retrieval of arbitrary data. The software in question is used to develop code for programmable logic controllers. Attackers can leverage a vulnerability within...

5 CVSS | 1.5 AI score | 0.00291 EPSS
Exploits 0 | References 3

CNVD
added 2017/04/18 12:0 a.m. | 1 views

Schneider Electric SoMachine Basic and Schneider Electric Modicon TM221CE16R Security Bypass Vulnerability

Schneider Electric SoMachine Basic and Schneider Electric Modicon TM221CE16R are both products of Schneider Electric France. The former is a programming and debugging interface for all components on the control platform; the latter is a programmable controller. A security vulnerability exists in...

9.8 CVSS | 6.8 AI score | 0.0027 EPSS
Exploits 0 | References 1

ICS
added 2017/04/13 12:0 a.m. | 134 views

Schneider Electric Modicon M221 PLCs and SoMachine Basic

CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Modicon M221 PLCs and SoMachine Basic Vulnerability: Use of Hard-Coded Cryptographic Key, Protection Mechanism Failure AFFECTED PRODUCTS Schneider Electric...

9.8 CVSS | 0.2 AI score | 0.01623 EPSS
Exploits 1 | References 29

ICS
added 2017/04/13 12:0 a.m. | 44 views

Schneider Electric Modicon M221 PLCs and SoMachine Basic (Update A)

CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Modicon M221 PLCs and SoMachine Basic Vulnerability: Use of Hard-Coded Cryptographic Key, Protection Mechanism Failure UPDATE INFORMATION This updated...

10 CVSS | 9.8 AI score | 0.01623 EPSS
Exploits 1 | References 3

Prion
added 2017/04/06 9:59 p.m. | 12 views

Hardcoded credentials

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

7.5 CVSS | 9.3 AI score | 0.0027 EPSS
Exploits 0 | References 3 | Affected Software 2

NVD
added 2017/04/06 9:59 p.m. | 8 views

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

10 CVSS | 9.4 AI score | 0.0027 EPSS
Exploits 0 | References 3

Cvelist
added 2017/04/06 9:0 p.m. | 16 views

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

9.4 AI score | 0.0027 EPSS
Exploits 0 | References 3

CVE
added 2017/04/06 9:0 p.m. | 65 views

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Modicon TM221CE16R 1.3.3.3 contain a hardcoded cryptographic key used to AES-CBC encrypt project files; the fixed key (SoMachineBasicSoMachineBasicSoMa) cannot be changed, allowing decrypted data to reveal the user password and enable opening/modifyi...

10 CVSS | 9.3 AI score | 0.0027 EPSS
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2017/04/06 12:0 a.m. | 1 views

Schneider Modicon M221CE16R Hard-Coded Vulnerability

The Modicon M221CE16R is an all-in-one programmable controller from Schneider Electric Co. The Schneider Modicon M221CE16R is vulnerable to a hard-coded vulnerability where XML files are AES-CBC encrypted, but the key used for encryption is hard-coded and cannot be changed. After decrypting the X...

7 AI score
Exploits 0 | References 1