Schneider Electric SoMachine Software SQL Gateway Detection (Windows SMB Login)

Detects the installed version of Schneider Electric SoMachine Software SQL Gateway for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Schneider Electric SoMachine Configuration Manager Detection (Windows SMB Login)

Detects the installed version of Schneider Electric SoMachine Configuration Manager for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

PT-2019-1482

Name of the Vulnerable Software and Affected Versions Modicon M221 versions prior to V1.10.0.0 SoMachine Basic affected versions not specified Description The issue is related to an incorrect configuration of the Ethernet interface in the Modicon M221 programmable logic controller when the...

High-Severity Flaws Patched in Schneider Electric Products

Schneider Electric has released fixes for a slew of vulnerabilities that can be exploited remotely in two of its industrial control system products. The two flaws, which exist in Schneider Electric’s power management system, PowerLogic PM5560, and its programmable logic controller, Modicon M221,...

Schneider Electric Modicon M221

1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M221 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to remotely...

Schneider Electric SoMachine Basic XML External Entity Injection Vulnerability

Schneider Electric SoMachine Basic is a software for programming and debugging components on a control platform from the French company Schneider Electric Schneider Electric. An XML external entity injection vulnerability exists in Schneider Electric SoMachine Basic version 1.6 SP1, which stems...

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

Xxe

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

CVE-2018-7783

CVE-2018-7783 affects Schneider Electric SoMachine Basic prior to v1.6 SP1. The vulnerability is an XML External Entity (XXE) flaw triggered by unsanitized input to the XML parser, enabling disclosure/retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. Affected produ...

Schneider Electric Patches XML Vulnerability In Software

Schneider Electric on Tuesday issued fixes for a vulnerability in its SoMachine Basic software, which could result in the disclosure and retrieval of arbitrary data. The software in question is used to develop code for programmable logic controllers. Attackers can leverage a vulnerability within...

CVE-2017-7965

A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller...

CVE-2017-7966

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL...

CVE-2017-7966

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL...

CVE-2017-7965

A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller...

Design/Logic Flaw

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL...

Buffer overflow

A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller...

CVE-2017-7965

CVE-2017-7965 is a stack-based buffer overflow vulnerability in AlTracePrint.exe, part of Schneider Electric SoMachine HVAC programming software (v2.1.0) for Modicon M171/M172 controllers. The issue arises when AlTracePrint.exe is called in a way that could overflow a stack buffer, per CVE-2017-7...

CVE-2017-7966

CVE-2017-7966 describes an DLL Hijacking/Uncontrolled Search Path Element flaw in Schneider Electric SoMachine HVAC programming software. Affected product: SoMachine HVAC v2.1.0 (and earlier per ICS-CERT) with improper DLL loading enabling arbitrary code execution. NVD notes a network-exploitable...