Lucene search
K

39 matches found

Zero Day Initiative
Zero Day Initiative
added 2026/02/12 12:0 a.m.6 views

Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

7.8CVSS6.1AI score0.00306EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/12 12:0 a.m.5 views

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

7.8CVSS6.1AI score0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.8 views

Schneider Electric EcoStruxure Process Expert security vulnerabilities

Schneider Electric EcoStruxure Process Expert is a next-generation process automation system developed by Schneider Electric of France. It is used for designing, operating, and maintaining entire factories. Schneider Electric EcoStruxure Process Expert has a security vulnerability. This...

7CVSS5.8AI score0.00103EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.5 views

Schneider Electric EcoStruxure Power Monitoring Expert和EcoStruxure Power Operation AdvancedReporting and Dashboards Module 代码问题漏洞

Schneider Electric EcoStruxure Power Monitoring Expert and EcoStruxure Power Operation AdvancedReporting and Dashboards Module are products of Schneider Electric, France. Schneider Electric EcoStruxure Power Monitoring Expert is a device for power distribution monitoring in IoT...

7.5CVSS6.3AI score0.00424EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/07/10 12:0 a.m.293 views

📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Code Execution

Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below lacks authorization controls and allows anyone to masquerade as a NetBotz camera. A path traversal vulnerability enables an attacker to create a malicious folder name capable of injecting arguments into specific shell...

9.5CVSS7.6AI score0.15311EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 8:47 p.m.7 views

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...

9.1CVSS6.8AI score0.01023EPSS
Exploits0References1
OSV
OSV
added 2024/02/14 5:15 p.m.5 views

CVE-2023-6409

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert...

7.7CVSS5.8AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.8 views

PT-2024-2808 · Schneider Electric · Ecostruxure Process Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert affected versions not specified EcoStruxure Process Expert affected versions not specified Description: A Use of Hard-coded Credentials issue exists that could cause unauthorized access to a project file protected...

7.7CVSS7.4AI score0.00232EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.8 views

PT-2024-1723 · Schneider Electric · Ecostruxure It Gateway

Name of the Vulnerable Software and Affected Versions: Schneider Electric EcoStruxure IT Gateway affected versions not specified Description: The issue is related to the use of hard-coded credentials in the software, which could allow an attacker to escalate their privileges locally when logged i...

7.8CVSS7AI score0.00238EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2023/06/26 12:0 a.m.11 views

The vulnerability of SCADA systems such as EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2021, and ClearSCADA allows a intruder to arbitrarily insert text records into log files or fill log files with incorrect data.

The vulnerability of SCADA systems such as EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2019, and EcoStruxure Geo SCADA Expert 2021, along with ClearSCADA, is related to improper processing of output data for log files. Exploiting this vulnerability allows a malicious actor to...

5.3CVSS5.9AI score0.00417EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/04/20 12:0 a.m.7 views

The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert HMI terminals and the SCADA Pro-face BLUE software lies in the lack of security measures taken to protect the SQL query structure, allowing a hacker to execute arbitrary code.

The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert HMI terminals and the SCADA Pro-face BLUE software is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability could allow an attacker to execute...

7CVSS7.6AI score0.0025EPSS
Exploits0References3
OSV
OSV
added 2023/04/18 5:15 p.m.5 views

CVE-2023-1548

A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert V15.1 and above...

5.5CVSS6.1AI score0.00146EPSS
Exploits0References1
OSV
OSV
added 2023/04/18 5:15 p.m.5 views

CVE-2023-27976

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...

8.8CVSS7.7AI score0.00845EPSS
Exploits0References1
OSV
OSV
added 2023/01/30 11:15 p.m.5 views

CVE-2022-32748

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...

8.3CVSS5.8AI score0.0014EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.7 views

PT-2023-1235 · Schneider Electric · Ecostruxure Geo Scada Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Geo SCADA Expert versions 2019 through 2021 ClearSCADA all versions Description: A vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. This...

7.5CVSS7.2AI score0.00569EPSS
Exploits0References6
OSV
OSV
added 2022/11/04 3:15 p.m.6 views

CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...

7.8CVSS6AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2022/11/04 1:15 p.m.5 views

CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...

7.8CVSS5.9AI score0.0011EPSS
Exploits0References1
OSV
OSV
added 2022/11/04 5:15 a.m.8 views

CVE-2022-41666

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1 or prior, Pro-face...

7.8CVSS5.9AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.5 views

Schneider Electric EcoStruxure Operator Terminal Expert SQL注入漏洞

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used to create and edit touch applications. A SQL injection vulnerability exists in Schneider Electric EcoStruxure Operator Terminal...

7.8CVSS7.6AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.10 views

PT-2022-6501 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a path...

7.8CVSS7.4AI score0.00215EPSS
Exploits0References5
Rows per page
Query Builder