35 matches found
EUVD-2014-9015
Malware in sbrugna...
EUVD-2017-14267
Malware in sbrugna...
CVE-2012-4709
Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...
The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch systems, related to buffer overflow in the queue, allows a malicious actor to trigger an emergency shutdown of the system.
The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch systems is related to buffer overflow attacks. Exploiting this vulnerability can allow attackers to cause an emergency shutdown of the system using a specially crafted file...
The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch systems, related to buffer overflow in the stack, allows a malicious actor to trigger an emergency shutdown of the system.
The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch SCADA systems is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to reassign the return address and trigger an emergency shutdown using a specially craft...
CVE-2017-5160
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly...
CVE-2017-5156
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user...
CVE-2017-5158
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified...
CVE-2017-5160
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly...
CVE-2017-5158
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified...
CVE-2017-5156
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user...
CVE-2017-5156
Schneider Electric Wonderware InTouch Access Anywhere (affected >= 11.5.2) is vulnerable to CVE-2017-5156: Cross-Site Request Forgery that can allow a remote attacker on a different site to access internal RDP systems on behalf of a logged-in user. The vulnerability stems from CSRF in the web-...
Schneider Electric Wonderware InTouch Access Anywhere Privilege Gain Vulnerability
Schneider Electric Wonderware InTouch is an open, scalable HMI and SCADA monitoring solution from Schneider Electric, France, that creates standardized, reusable visualization applications.Wonderware InTouch Access Anywhere is a product that provides access to InTouch applications through a web...
Schneider Electric Wonderware InTouch Access Anywhere
CVSS v3 8.8 ATTENTION: Remotely Exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: Wonderware InTouch Access Anywhere Vulnerabilities: Cross-Site Request Forgery, Information Exposure, Inadequate Encryption Strength AFFECTED PRODUCTS The following Wonderware InTouch Acce...
Wonderware Intouch 弱口令
No description provided by source...
Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability
OVERVIEW Schneider Electric Wonderware has identified a stack-based buffer overflow vulnerability in the Wonderware InTouch Access Anywhere Server product. Schneider Electric has produced a security update that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED...
Schneider Electric InduSoft Password Storage Vulnerability
InduSoft Web Studio is a SCADA system and embedded instrumentation solution for developing HMIs, supervisory control and data acquisition. Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 stores the passwords for the...
Design/Logic Flaw
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file...
CVE-2015-1009
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file...
CVE-2015-1009
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file...