EUVD-2015-3663

Malware in sbrugna...

The vulnerability of the WebReports server, the WebStation user interface, and the Enterprise Server installer, as well as the Enterprise Central installer, is related to insufficient protection of the web page structure, allowing a hacker to execute arbitrary code.

The vulnerabilities of the WebReports server, the WebStation user interface, and the Enterprise Server installer, as well as the Enterprise Central installer, are related to insufficient protection of the web page structure. Exploiting these vulnerabilities allows a malicious actor to execute...

The vulnerability of server installers for Building Management Systems Enterprise Server and Enterprise Central on Windows operating systems allows a hacker to increase their privileges.

The vulnerability of server installers for Building Management Systems like Enterprise Server and Enterprise Central on Windows operating systems is related to the absence of quotation marks in the wording of search elements or paths. Exploiting this vulnerability can allow attackers to increase...

CVE-2020-28209

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agen...

CVE-2020-28209

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agen...

CVE-2020-28209

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agen...

CVE-2020-28209

Schneider Electric’s EcoStruxure Building Operation suite is affected by CVE-2020-28209 (CWE-428: Windows Unquoted Search Path). The ICSA-21-063-02 advisory ties this CVE to the Unquoted Search Path vulnerability in the Enterprise Server installer (V1.9–V3.1) and Enterprise Central installer (V2....

Schneider Electric EcoStruxure Building Operation Enterprise Server Code Issue Vulnerability

Schneider Electric Schneider Electric EcoStruxure Building Operation Enterprise Server is an enterprise-level building control system of Schneider Electric France. The system is based on computer network, software as the core, combined with intelligent building engineering and construction...

PT-2020-5814

Name of the Vulnerable Software and Affected Versions: EcoStruxure Building Operation Enterprise Server versions 1.9 through 3.1 EcoStruxure Building Operation Enterprise Central versions 2.0 through 3.1 Description: A Windows Unquoted Search Path issue exists in the installers for Enterprise...

SAP Enterprise Central Component Privilege Vulnerability

SAP is short for "System Applications and Products", which is the software name of SAP's product, Enterprise Management Solutions. An untrustworthy search path vulnerability exists in SAP ECC, which can be exploited by a local attacker to gain privileges via a Trojan horse...

Design/Logic Flaw

Untrusted search path vulnerability in SAP Enterprise Central Component ECC allows local users to gain privileges via a Trojan horse program...

CVE-2015-3621

CVE-2015-3621 describes an untrusted search path vulnerability in SAP Enterprise Central Component (ECC) that enables local privilege escalation via a Trojan horse program. The NVD entry summarizes that untrusted search paths allow local users to gain privileges, with a high severity (CVSS v2 bas...