5 matches found
Privilege escalation
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxure™ Operator Terminal Expert runtime Vijeo XD that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxure™ Operator Terminal Expert...
CVE-2020-7544
CVE-2020-7544 affects Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD). A CWE-269 improper privilege management vulnerability could enable privilege escalation on a workstation when interacting with a driver installed by the runtime. The vulnerability is reported for Eco...
CVE-2020-7494
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD), which could cause malicious code execution when opening the project file...
CVE-2020-7493
The CVE-2020-7493 issue affects Schneider Electric EcoStruxure Operator Terminal Expert (3.1 Service Pack 1 and earlier, formerly Vijeo XD). The vulnerability is a SQL Injection (CWE-89) in handling project files that can lead to code execution when opening a crafted project file. Public sources ...
Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-308-02A Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 22, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of a public report of resource consumption...