42 matches found
EUVD-2017-18872
Malware in sbrugna...
EUVD-2017-16939
Malware in sbrugna...
EUVD-2017-16941
Malware in sbrugna...
EUVD-2017-16942
Malware in sbrugna...
EUVD-2017-16940
Malware in sbrugna...
The vulnerability of the software for creating control panels for energy management systems, namely EcoStruxure PowerSCADA Operation (PSO) – Advanced Reporting and Dashboards Module, EcoStruxure PowerOperation (EPO) – Advanced Reporting and Dashboards Module, and the energy monitoring software EcoStruxure Power Monitoring Expert, arises due to insufficient protection measures for the website structure. This allows attackers to execute arbitrary JavaScript code.
The vulnerability of the software used for creating control panels for energy management systems, such as EcoStruxure PowerSCADA Operation PSO – Advanced Reporting and Dashboards Module, EcoStruxure PowerOperation EPO – Advanced Reporting and Dashboards Module, and the energy monitoring software...
The vulnerability of the software used for creating control panels for energy management systems, namely EcoStruxure PowerSCADA Operation (PSO) – Advanced Reporting and Dashboards Module, EcoStruxure PowerOperation (EPO) – Advanced Reporting and Dashboards Module, and the energy monitoring software EcoStruxure Power Monitoring Expert, stems from the redirection of URLs to an unreliable website. This allows a hacker to redirect users to any arbitrary URL address.
The vulnerability of the software used for creating control panels for energy management systems, such as EcoStruxure PowerSCADA Operation PSO – Advanced Reporting and Dashboards Module, EcoStruxure PowerOperation EPO – Advanced Reporting and Dashboards Module, and the energy monitoring software...
The vulnerability of the PowerSCADA Expert system for data collection and process control allows a perpetrator to gain access to user account information due to insufficient protection of registration data.
The vulnerability of the PowerSCADA Expert system for data collection and process control is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to gain access to user account information...
Schneider Electric PowerSCADA Anywhere and Citect Anywhere Cross-Site Request Forgery Vulnerability
Schneider Electric PowerSCADA Anywhere and Citect Anywhere are products of Schneider Electric, France.Schneider Electric PowerSCADA Anywhere is a substation monitoring system. Schneider Electric PowerSCADA Anywhere is a substation monitoring system, PowerSCADA Expert is a data acquisition softwar...
CVE-2017-9963
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack require...
CVE-2017-9963
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack require...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack require...
CVE-2017-9963
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack require...
CVE-2017-9963
Summary: A cross-site request forgery vulnerability exists in the Secure Gateway component of Schneider Electric’s PowerSCADA Anywhere 1.0 (bundled with PowerSCADA Expert 8.1/8.2) and Citect Anywhere 1.0. The flaw enables multiple state-changing requests and requires some social engineering to lu...
CVE-2017-7970
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server...
CVE-2017-7971
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate...
CVE-2017-7970
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server...
CVE-2017-7972
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes...
CVE-2017-7969
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack require...
CVE-2017-7972
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes...