EUVD-2017-14267

Malware in sbrugna...

EUVD-2014-9015

Malware in sbrugna...

CVE-2012-4709

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...

CVE-2017-5160

An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly...

CVE-2017-5158

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified...

CVE-2017-5158

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified...

CVE-2017-5156

A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user...

CVE-2017-5160

An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly...

CVE-2017-5156

A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user...

CVE-2017-5156

Schneider Electric Wonderware InTouch Access Anywhere (affected >= 11.5.2) is vulnerable to CVE-2017-5156: Cross-Site Request Forgery that can allow a remote attacker on a different site to access internal RDP systems on behalf of a logged-in user. The vulnerability stems from CSRF in the web-...

Schneider Electric Wonderware InTouch Access Anywhere Privilege Gain Vulnerability

Schneider Electric Wonderware InTouch is an open, scalable HMI and SCADA monitoring solution from Schneider Electric, France, that creates standardized, reusable visualization applications.Wonderware InTouch Access Anywhere is a product that provides access to InTouch applications through a web...

Schneider Electric Wonderware InTouch Access Anywhere

CVSS v3 8.8 ATTENTION: Remotely Exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: Wonderware InTouch Access Anywhere Vulnerabilities: Cross-Site Request Forgery, Information Exposure, Inadequate Encryption Strength AFFECTED PRODUCTS The following Wonderware InTouch Acce...

Wonderware Intouch 弱口令

No description provided by source...

Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability

OVERVIEW Schneider Electric Wonderware has identified a stack-based buffer overflow vulnerability in the Wonderware InTouch Access Anywhere Server product. Schneider Electric has produced a security update that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED...

Schneider Electric InduSoft Password Storage Vulnerability

InduSoft Web Studio is a SCADA system and embedded instrumentation solution for developing HMIs, supervisory control and data acquisition. Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 stores the passwords for the...

CVE-2015-1009

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file...

Design/Logic Flaw

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file...

CVE-2015-1009

CVE-2015-1009 affects Schneider Electric InduSoft Web Studio (before v7.1.3.5 Patch 5) and Wonderware InTouch Machine Edition (through 7.1 SP3 Patch 4). The vulnerability is information disclosure: project-window passwords are stored in clear text in the configuration file, enabling local users t...

CVE-2015-1009

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file...

Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability

Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. A buffer overflow vulnerability in Schneider Electric Wonderware InTouch Access Anywhere Server's handling of non-existe...