76 matches found
CVE-2022-41667
The CVE-2022-41667 path-traversal issue affects EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior) and Pro-face BLUE (V3.3 Hotfix 1 or prior). The root cause is improper limitation of a pathname to a restricted directory, allowing a user with local privileges to load a malicious DLL an...
PT-2022-6534 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions 3.3 Hotfix 1 or prior Pro-face BLUE versions 3.3 Hotfix 1 or prior Description: A vulnerability exists that allows adversaries with local user privileges to load a malicious DLL, which could lead ...
PT-2022-6502 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions prior to V3.3 Hotfix 1 Pro-face BLUE versions prior to V3.3 Hotfix 1 Description: The issue is related to incorrect project conversion, which can be exploited to execute malicious code. An adversa...
PT-2022-6532 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: A SQL Injection vulnerability exists, allowing adversaries with local user privileges to craft a malicious SQL que...
PT-2022-6533 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: A path traversal vulnerability exists in the SGIUtility component, allowing adversaries with local user privileges...
Schneider Electric SESU
1. EXECUTIVE SUMMARY CVSS v3 3.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Schneider Electric Software Update SESU Vulnerability: Insufficient Entropy 2. RISK EVALUATION Successful exploitation of this vulnerability could cause unintended connection from an internal...
The vulnerability of the Ethernet Download function in Schneider Electric’s HMI terminal configuration software, EcoStruxure Operator Terminal Expert, and the SCADA software Pro-face BLUE, related to insufficient validation of input data, allows a perpetrator to execute arbitrary codes.
The vulnerability of the Ethernet Download function in Schneider Electric’s HMI terminal configuration software, EcoStruxure Operator Terminal Expert, and the SCADA software Pro-face BLUE is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote...
CVE-2020-28221
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE version details in the notification that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI...
CVE-2020-28221
CVE-2020-28221 is an improper input validation (CWE-20) vulnerability in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE. The issue could allow arbitrary code execution when the Ethernet Download feature is enabled on the HMI. The provided sources identify the affected products but do not...
Privilege escalation
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime Vijeo XD that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert...
CVE-2020-7544
CVE-2020-7544 affects Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD). A CWE-269 improper privilege management vulnerability could enable privilege escalation on a workstation when interacting with a driver installed by the runtime. The vulnerability is reported for Eco...
Schneider Electric EcoStruxure Operator Terminal Expert Permission License and Access Control Issues Vulnerability
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is primarily used to create and edit touch applications. EcoStruxure Operator Terminal Expert suffers from a privilege license and access control...
The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert, related to incorrect processing of VXDZ files, allows a perpetrator to execute arbitrary code.
The vulnerability of Schneider Electric EcoStruxure Operator Terminal Expert software for configuring touchscreen displays is related to improper handling of VXDZ files. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially crafted file or website...
CVE-2020-7494
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...
CVE-2020-7494
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...
CVE-2020-7496
A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XDwhich could cause unauthorized write access when opening the project file...
CVE-2020-7495
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause unauthorized write access outside of expected pa...
CVE-2020-7497
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XDwhich could cause arbitrary application execution when the computer starts...
CVE-2020-7497
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XDwhich could cause arbitrary application execution when the computer starts...
CVE-2020-7493
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...