43 matches found
EUVD-2022-27866
Malicious code in bioql PyPI...
EUVD-2022-37704
Malicious code in bioql PyPI...
EUVD-2022-27865
Malicious code in bioql PyPI...
EUVD-2022-37705
Malicious code in bioql PyPI...
EUVD-2022-37706
Malicious code in bioql PyPI...
CVE-2022-22722
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and...
CVE-2022-22723
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be...
The vulnerability of microprogrammed software in Schneider Electric Easergy P5 relay protection and control devices arises from copying buffers without checking the size of the input data. This allows a malicious actor to execute arbitrary code.
The vulnerability of microprogrammed software in Schneider Electric Easergy P5 relay protection and control devices lies in the copying of buffers without checking the size of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of microprogrammed software in Schneider Electric Easergy P5 relay protection and control devices, related to the use of cryptographic algorithms containing defects, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of microprogrammed software in Schneider Electric Easergy P5 relay protection and control devices is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality,...
The vulnerability of microprogrammed software in Schneider Electric Easergy P5 relay protection and control devices, related to insufficient verification of input data, allows a intruder to disable the device’s control function.
The vulnerability of the microprogramming software in Schneider Electric Easergy P5 relay protection and control devices is related to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to disable the device’s control functions...
CVE-2022-34756
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 V01.401.102 and prior...
CVE-2022-34758
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 V01.401.102 and prior...
CVE-2022-34758
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 V01.401.102 and prior...
CVE-2022-34757
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...
CVE-2022-34756
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 V01.401.102 and prior...
Design/Logic Flaw
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 V01.401.102 and prior...
Design/Logic Flaw
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...
Input validation
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 V01.401.102 and prior...
CVE-2022-34758
CVE-2022-34758 affects Schneider Electric Easergy P5 (firmware prior to v01.401.102). It is an Improper Input Validation vulnerability (CWE-20) that could disable the device watchdog if an attacker has privileged credentials. The published advisories confirm vulnerable P5 firmware and provide a p...
CVE-2022-34758
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 V01.401.102 and prior...