EUVD-2020-28672

Malware in sbrugna...

EUVD-2022-39938

Malicious code in bioql PyPI...

EUVD-2022-29217

Malicious code in bioql PyPI...

EUVD-2023-12633

Malicious code in bioql PyPI...

CVE-2023-0595

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...

Schneider Electric EcoStruxure Geo SCADA Expert Multiple Vulnerabilities (SEVD-2023-010-02)

Binary data schneiderelectricecostruxuregeoscadaexpertsevd-2023-010-02.nbin...

Schneider Electric EcoStruxure Data Center Expert XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the exportSvg method. Due to...

Schneider Electric EcoStruxure Data Center Expert Missing Authentication Information Disclosure Vulnerability

The vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of log files. The issue results fr...

Schneider Electric EcoStruxure Power Design

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low Attack Complexity Vendor : Schneider Electric Equipment : EcoStruxure Power Design Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution...

Schneider Electric EcoStruxure Operator Terminal Expert VXDZ File Parsing Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specif...

Schneider Electric EcoStruxure Foxboro DCS Buffer Overflow Vulnerability

The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A buffer overflow vulnerability exists in Schneider Electric EcoStruxure Foxboro DCS Control Core Services, which originates from a boundary error wh...

Schneider Electric EcoStruxure Control Expert Denial of Service Vulnerability

Schneider Electric EcoStruxure Control Expert is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A denial of service vulnerability exists in Schneider Electric EcoStruxure Control Expert V15.1 and prior versions, which stems from...

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Improper Check For Unusual or Exceptional Conditions (CVE-2022-45788)

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert All...

Schneider Electric Modicon M221 Programmable Logic Controller Small Space of Random Values (CVE-2020-7566)

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. This plugin onl...

Schneider Electric Modicon X80 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-22749)

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially...

CVE-2023-0595

CVE-2023-0595 describes CWE-117: Improper Output Neutralization for Logs. Affects EcoStruxure Geo SCADA Expert (2019–2021, all versions prior to October 2022) and ClearSCADA (all versions prior to October 2022). The issue involves misinterpretation of log files caused by malicious packets sent to...

Information disclosure

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 formerly known as...

CVE-2022-45789

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert All Versions, EcoStruxure Process Expert All Versions...

CVE-2022-32748

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...

CVE-2022-0223

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products:...