19 matches found
CVE-2013-0664
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...
Schneider Electric Modicon Arbitrary Code Execution (CVE-2013-0664)
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...
Schneider Electric ETG3000 FactoryCast HMI Gateway < 1.60 IR 04 Unauthenticated Access
Schneider Electric ETG3000 FactoryCast HMI Gateway <= 1.60 IR 04 Hardcoded Credentials
Schneider Electric ETG3000 FactoryCast HMI Gateway Vulnerabilities
OVERVIEW: Narendra Shinde of Qualys Security has identified multiple vulnerabilities in Schneider Electric’s ETG3000 FactoryCast HMI Gateway. Schneider Electric has produced a firmware update that mitigates part of these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED...
CVE-2014-9197
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request...
Improper access control
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request...
Hardcoded credentials
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session...
CVE-2014-9198 Schneider Electric ETG3000 FactoryCast HMI Gateway Use of Hard-coded Credentials
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session...
CVE-2014-9197 Schneider Electric ETG3000 FactoryCast HMI Gateway Missing Authentication for Critical Function
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request...
CVE-2014-9198
The CVE-2014-9198 vulnerability affects Schneider Electric’s ETG3000 FactoryCast HMI Gateway (firmware up to version 1.60 IR 04). The issue is a design flaw in the FTP server that relies on hardcoded/default credentials, enabling remote attackers to access the FTP service and potentially disclose...
CVE-2014-9197
The CVE-2014-9197 issue affects Schneider Electric ETG3000 FactoryCast HMI Gateway (firmware before 1.60 IR04). An unauthenticated access path to rde.jar in the web root allows remote attackers to obtain sensitive setup/configuration information (CWE-306). Connected advisories confirm remote expl...
Schneider Electric ETG3000 FactoryCast HMI Gateway Unauthorized Access Vulnerability
The Schneider Electric ETG3000 FactoryCast HMI Gateway is a Web-based SCADA system. An unauthorized access vulnerability exists in the Schneider Electric ETG3000 FactoryCast HMI Gateway, which could be exploited by an attacker to gain unauthorized access to sensitive information, such as...
Schneider Electric ETG3000 FactoryCast HMI Gateway FTP Built-in Password Vulnerability
The Schneider Electric ETG3000 FactoryCast HMI Gateway is a new intelligent Web gateway. A default account vulnerability exists in the Schneider Electric ETG3000 FactoryCast HMI Gateway FTP server, allowing an attacker to access the service without authentication...
Schneider Electric ETG3000 FactoryCast HMI Gateway Authentication Bypass Vulnerability
The Schneider Electric ETG3000 FactoryCast HMI Gateway is a Web-based SCADA system. An authentication bypass vulnerability exists in the Schneider Electric ETG3000 FactoryCast HMI Gateway, which can be exploited by an attacker to bypass the authentication mechanism and gain unauthorized access to...
CVE-2013-0664
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...
Code injection
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...
CVE-2013-0664
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...
CVE-2013-0664
CVE-2013-0664 affects Schneider Electric Modicon PLCs (Quantum 140NOE77111, 140NWM10000, M340 BMXNOE0110x, Premium TSXETY5103). The vulnerability arises in the FactoryCast feature: remote authenticated users can embed Modbus messages in SOAP HTTP POST requests, enabling arbitrary code execution o...