39 matches found
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Schneider Electric EcoStruxure Process Expert security vulnerabilities
Schneider Electric EcoStruxure Process Expert is a next-generation process automation system developed by Schneider Electric of France. It is used for designing, operating, and maintaining entire factories. Schneider Electric EcoStruxure Process Expert has a security vulnerability. This...
Schneider Electric EcoStruxure Power Monitoring Expert和EcoStruxure Power Operation AdvancedReporting and Dashboards Module 代码问题漏洞
Schneider Electric EcoStruxure Power Monitoring Expert and EcoStruxure Power Operation AdvancedReporting and Dashboards Module are products of Schneider Electric, France. Schneider Electric EcoStruxure Power Monitoring Expert is a device for power distribution monitoring in IoT...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Code Execution
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below lacks authorization controls and allows anyone to masquerade as a NetBotz camera. A path traversal vulnerability enables an attacker to create a malicious folder name capable of injecting arguments into specific shell...
CVE-2021-22779
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...
CVE-2023-6409
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert...
PT-2024-2808 · Schneider Electric · Ecostruxure Process Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert affected versions not specified EcoStruxure Process Expert affected versions not specified Description: A Use of Hard-coded Credentials issue exists that could cause unauthorized access to a project file protected...
PT-2024-1723 · Schneider Electric · Ecostruxure It Gateway
Name of the Vulnerable Software and Affected Versions: Schneider Electric EcoStruxure IT Gateway affected versions not specified Description: The issue is related to the use of hard-coded credentials in the software, which could allow an attacker to escalate their privileges locally when logged i...
The vulnerability of SCADA systems such as EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2021, and ClearSCADA allows a intruder to arbitrarily insert text records into log files or fill log files with incorrect data.
The vulnerability of SCADA systems such as EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2019, and EcoStruxure Geo SCADA Expert 2021, along with ClearSCADA, is related to improper processing of output data for log files. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert HMI terminals and the SCADA Pro-face BLUE software lies in the lack of security measures taken to protect the SQL query structure, allowing a hacker to execute arbitrary code.
The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert HMI terminals and the SCADA Pro-face BLUE software is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability could allow an attacker to execute...
CVE-2023-1548
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert V15.1 and above...
CVE-2023-27976
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
CVE-2022-32748
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...
PT-2023-1235 · Schneider Electric · Ecostruxure Geo Scada Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Geo SCADA Expert versions 2019 through 2021 ClearSCADA all versions Description: A vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. This...
CVE-2022-41671
A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
CVE-2022-41666
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1 or prior, Pro-face...
Schneider Electric EcoStruxure Operator Terminal Expert SQL注入漏洞
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used to create and edit touch applications. A SQL injection vulnerability exists in Schneider Electric EcoStruxure Operator Terminal...
PT-2022-6501 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a path...