Lucene search
+L

76 matches found

OSV
OSV
added 2020/06/16 8:15 p.m.4 views

CVE-2020-7497

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XDwhich could cause arbitrary application execution when the computer starts...

9.8CVSS6AI score0.02289EPSS
Exploits0References1
NVD
NVD
added 2020/06/16 8:15 p.m.29 views

CVE-2020-7494

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...

7.8CVSS0.01347EPSS
Exploits0References1
Prion
Prion
added 2020/06/16 8:15 p.m.15 views

Design/Logic Flaw

A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XDwhich could cause unauthorized write access when opening the project file...

6.8CVSS8.3AI score0.00862EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/06/16 8:15 p.m.23 views

Sql injection

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...

6.8CVSS8.2AI score0.01136EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/06/16 8:15 p.m.17 views

Path traversal

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...

6.8CVSS7.8AI score0.01347EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/06/16 7:13 p.m.69 views

CVE-2020-7497

The CVE-2020-7497 entry concerns a Path Traversal (CWE-22) vulnerability in Schneider Electric EcoStruxure Operator Terminal Expert (O Te) 3.1 Service Pack 1 and earlier (formerly Vijeo XD) that could cause arbitrary application execution when the computer starts. Affected component: the OT Exper...

9.8CVSS9.3AI score0.02289EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/06/16 7:13 p.m.51 views

CVE-2020-7496

The CVE-2020-7496 entry applies to Schneider Electric EcoStruxure Operator Terminal Expert (3.1 Service Pack 1 and prior, formerly Vijeo XD). The vulnerability is CWE-88: Argument Injection or Modification, which could enable unauthorized write access when opening a project file. Red Hat and NVD ...

7.8CVSS7.7AI score0.00862EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/06/16 7:11 p.m.71 views

CVE-2020-7495

Schneider Electric EcoStruxure Operator Terminal Expert (OTE) — CVE-2020-7495: A path traversal in ZIP file extraction affects OTE 3.1 Service Pack 1 and earlier (formerly Vijeo XD). The flaw allows writing outside the intended folder when opening a project file, enabling unauthorized writes. Evi...

5.5CVSS5.3AI score0.00883EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/06/16 7:11 p.m.70 views

CVE-2020-7494

EcoStruxure Operator Terminal Expert (Schneider Electric) vulnerable through CVE-2020-7494 (Path Traversal) in version 3.1 Service Pack 1 and earlier. Affects handling of project files and can lead to code execution within the current process when opening a malicious project file. Red Hat/RedTeam...

7.8CVSS7.7AI score0.01347EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/06/16 7:10 p.m.80 views

CVE-2020-7493

The CVE-2020-7493 issue affects Schneider Electric EcoStruxure Operator Terminal Expert (3.1 Service Pack 1 and earlier, formerly Vijeo XD). The vulnerability is a SQL Injection (CWE-89) in handling project files that can lead to code execution when opening a crafted project file. Public sources ...

7.8CVSS8AI score0.01136EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/05/22 12:0 a.m.4 views

Schneider Electric EcoStruxure Operator Terminal Expert Path Traversal Vulnerability

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is mainly used for creating and editing touch applications. A path traversal vulnerability exists in Schneider Electric EcoStruxure Operator...

9.8CVSS7.1AI score0.02289EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/22 12:0 a.m.5 views

Schneider Electric EcoStruxure Operator Terminal Expert Parameter Injection Vulnerability

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is mainly used for creating and editing touch applications. A parameter injection vulnerability exists in Schneider Electric EcoStruxure Operator...

7.8CVSS7.5AI score0.00862EPSS
Exploits0References1
ICS
ICS
added 2020/05/21 12:0 a.m.155 views

Schneider Electric EcoStruxure Operator Terminal Expert

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit/public exploits are available Vendor: Schneider Electric Equipment: EcoStruxure Operator Terminal Expert Vulnerabilities: SQL Injection, Path Traversal, Argument Injection 2. RISK EVALUATION Successful exploitation of these...

9.8CVSS8.2AI score0.02289EPSS
Exploits0References5
CNVD
CNVD
added 2020/05/18 12:0 a.m.5 views

Schneider Electric EcoStruxure Operator Terminal Expert Path Traversal Vulnerability (CNVD-2020-37620)

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is mainly used for creating and editing touch applications. A path traversal vulnerability exists in the processing of ZIP files in Schneider...

5.5CVSS6.7AI score0.00883EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/18 12:0 a.m.4 views

Schneider Electric EcoStruxure Operator Terminal Expert SQL Injection Vulnerability

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is mainly used for creating and editing touch applications. A SQL injection vulnerability exists in the handling of VXDZ files in Schneider Electr...

7.8CVSS8.2AI score0.01136EPSS
Exploits0References1
Source Incite
Source Incite
added 2020/02/18 12:0 a.m.56 views

SRC-2020-0010 : Schneider Electric EcoStruxure Operator Terminal Expert Hardcoded Cryptographic Key Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows local attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. Local access to project files is required to exploit this vulnerability. The specific flaw exists within the...

6.2AI score
Exploits0
Rows per page
Query Builder