Lucene search
K

76 matches found

CVE
CVE
added 2022/11/04 12:0 a.m.66 views

CVE-2022-41667

The CVE-2022-41667 path-traversal issue affects EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior) and Pro-face BLUE (V3.3 Hotfix 1 or prior). The root cause is improper limitation of a pathname to a restricted directory, allowing a user with local privileges to load a malicious DLL an...

7.8CVSS7.5AI score0.00215EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.6 views

PT-2022-6534 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions 3.3 Hotfix 1 or prior Pro-face BLUE versions 3.3 Hotfix 1 or prior Description: A vulnerability exists that allows adversaries with local user privileges to load a malicious DLL, which could lead ...

7.8CVSS7.4AI score0.00133EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.5 views

PT-2022-6502 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions prior to V3.3 Hotfix 1 Pro-face BLUE versions prior to V3.3 Hotfix 1 Description: The issue is related to incorrect project conversion, which can be exploited to execute malicious code. An adversa...

7.8CVSS7.6AI score0.00197EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.14 views

PT-2022-6532 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: A SQL Injection vulnerability exists, allowing adversaries with local user privileges to craft a malicious SQL que...

7.8CVSS7.7AI score0.0025EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.5 views

PT-2022-6533 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: A path traversal vulnerability exists in the SGIUtility component, allowing adversaries with local user privileges...

7.8CVSS7.4AI score0.00187EPSS
Exploits0References6
ICS
ICS
added 2021/12/02 12:0 a.m.44 views

Schneider Electric SESU

1. EXECUTIVE SUMMARY CVSS v3 3.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Schneider Electric Software Update SESU Vulnerability: Insufficient Entropy 2. RISK EVALUATION Successful exploitation of this vulnerability could cause unintended connection from an internal...

3.8CVSS4.8AI score0.00237EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/08/30 12:0 a.m.6 views

The vulnerability of the Ethernet Download function in Schneider Electric’s HMI terminal configuration software, EcoStruxure Operator Terminal Expert, and the SCADA software Pro-face BLUE, related to insufficient validation of input data, allows a perpetrator to execute arbitrary codes.

The vulnerability of the Ethernet Download function in Schneider Electric’s HMI terminal configuration software, EcoStruxure Operator Terminal Expert, and the SCADA software Pro-face BLUE is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote...

10CVSS8.1AI score0.01848EPSS
Exploits0References2
NVD
NVD
added 2021/01/26 6:15 p.m.19 views

CVE-2020-28221

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE version details in the notification that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI...

9.8CVSS9.7AI score0.01848EPSS
Exploits0References1
CVE
CVE
added 2021/01/25 5:8 p.m.43 views

CVE-2020-28221

CVE-2020-28221 is an improper input validation (CWE-20) vulnerability in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE. The issue could allow arbitrary code execution when the Ethernet Download feature is enabled on the HMI. The provided sources identify the affected products but do not...

9.8CVSS9.5AI score0.01848EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/19 10:15 p.m.15 views

Privilege escalation

A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime Vijeo XD that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert...

7.2CVSS7.7AI score0.00309EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/11/19 9:5 p.m.68 views

CVE-2020-7544

CVE-2020-7544 affects Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD). A CWE-269 improper privilege management vulnerability could enable privilege escalation on a workstation when interacting with a driver installed by the runtime. The vulnerability is reported for Eco...

7.8CVSS7.7AI score0.00309EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2020/11/19 12:0 a.m.7 views

Schneider Electric EcoStruxure Operator Terminal Expert Permission License and Access Control Issues Vulnerability

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is primarily used to create and edit touch applications. EcoStruxure Operator Terminal Expert suffers from a privilege license and access control...

7.8CVSS7.1AI score0.00309EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/06/17 12:0 a.m.5 views

The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert, related to incorrect processing of VXDZ files, allows a perpetrator to execute arbitrary code.

The vulnerability of Schneider Electric EcoStruxure Operator Terminal Expert software for configuring touchscreen displays is related to improper handling of VXDZ files. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially crafted file or website...

7.8CVSS7.7AI score0.01136EPSS
Exploits0References4
OSV
OSV
added 2020/06/16 8:15 p.m.3 views

CVE-2020-7494

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...

7.8CVSS7.5AI score0.01347EPSS
Exploits0References1
NVD
NVD
added 2020/06/16 8:15 p.m.26 views

CVE-2020-7494

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...

7.8CVSS0.01347EPSS
Exploits0References1
OSV
OSV
added 2020/06/16 8:15 p.m.3 views

CVE-2020-7496

A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XDwhich could cause unauthorized write access when opening the project file...

7.8CVSS7.1AI score0.00862EPSS
Exploits0References1
NVD
NVD
added 2020/06/16 8:15 p.m.30 views

CVE-2020-7495

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause unauthorized write access outside of expected pa...

5.5CVSS0.00883EPSS
Exploits0References1
NVD
NVD
added 2020/06/16 8:15 p.m.23 views

CVE-2020-7497

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XDwhich could cause arbitrary application execution when the computer starts...

9.8CVSS0.02289EPSS
Exploits0References1
OSV
OSV
added 2020/06/16 8:15 p.m.4 views

CVE-2020-7497

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XDwhich could cause arbitrary application execution when the computer starts...

9.8CVSS6AI score0.02289EPSS
Exploits0References1
OSV
OSV
added 2020/06/16 8:15 p.m.5 views

CVE-2020-7493

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...

7.8CVSS7.5AI score0.01136EPSS
Exploits0References1
Rows per page
Query Builder