Lucene search
+L

152 matches found

nvd
nvd
added 2022/11/04 2:15 p.m.24 views

CVE-2022-41670

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...

7.8CVSS0.00187EPSS
Exploits0References1
osv
osv
added 2022/11/04 2:15 p.m.5 views

CVE-2022-41670

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...

7.8CVSS5.9AI score0.00187EPSS
Exploits0References1
prion
prion
added 2022/11/04 2:15 p.m.27 views

Path traversal

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...

4.3CVSS7.5AI score0.00187EPSS
Exploits0References1Affected Software2
nvd
nvd
added 2022/11/04 1:15 p.m.36 views

CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...

7.8CVSS0.0011EPSS
Exploits0References1
osv
osv
added 2022/11/04 1:15 p.m.6 views

CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...

7.8CVSS5.9AI score0.0011EPSS
Exploits0References1
prion
prion
added 2022/11/04 1:15 p.m.23 views

Information disclosure

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...

4.3CVSS7.5AI score0.0011EPSS
Exploits0References1Affected Software2
osv
osv
added 2022/11/04 12:15 p.m.6 views

CVE-2022-41668

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1...

7.8CVSS5.9AI score0.00197EPSS
Exploits0References1
nvd
nvd
added 2022/11/04 12:15 p.m.42 views

CVE-2022-41668

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1...

7.8CVSS0.00197EPSS
Exploits0References1
nvd
nvd
added 2022/11/04 12:15 p.m.33 views

CVE-2022-41667

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfi...

7.8CVSS0.00215EPSS
Exploits0References1
osv
osv
added 2022/11/04 12:15 p.m.5 views

CVE-2022-41667

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfi...

7.8CVSS5.9AI score0.00215EPSS
Exploits0References1
prion
prion
added 2022/11/04 12:15 p.m.24 views

Design/Logic Flaw

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1...

4.3CVSS7.5AI score0.00197EPSS
Exploits0References1Affected Software2
prion
prion
added 2022/11/04 12:15 p.m.16 views

Path traversal

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfi...

4.3CVSS7.5AI score0.00215EPSS
Exploits0References1Affected Software2
osv
osv
added 2022/11/04 5:15 a.m.8 views

CVE-2022-41666

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1 or prior, Pro-face...

7.8CVSS5.9AI score0.00133EPSS
Exploits0References1
nvd
nvd
added 2022/11/04 5:15 a.m.28 views

CVE-2022-41666

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1 or prior, Pro-face...

7.8CVSS0.00133EPSS
Exploits0References1
prion
prion
added 2022/11/04 5:15 a.m.25 views

Information disclosure

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1 or prior, Pro-face...

4.3CVSS7.5AI score0.00133EPSS
Exploits0References1Affected Software2
cnnvd
cnnvd
added 2022/11/04 12:0 a.m.5 views

Schneider Electric EcoStruxure Operator Terminal Expert 代码问题漏洞

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A code issue vulnerability exists in Schneider Electric EcoStruxure Operator Terminal...

7.8CVSS7.7AI score0.00197EPSS
Exploits0References3
cnnvd
cnnvd
added 2022/11/04 12:0 a.m.5 views

Schneider Electric EcoStruxure Operator Terminal Expert 路径遍历漏洞

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A path traversal vulnerability exists in Schneider Electric EcoStruxure Operator...

7.8CVSS7.6AI score0.00187EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/11/04 12:0 a.m.5 views

Schneider Electric EcoStruxure Operator Terminal Expert 数据伪造问题漏洞

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A data forgery vulnerability exists in Schneider Electric EcoStruxure Operator Termin...

7.8CVSS7.6AI score0.0011EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2022/11/04 12:0 a.m.8 views

CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...

7CVSS7.4AI score0.0025EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/11/04 12:0 a.m.5 views

Schneider Electric EcoStruxure Operator Terminal Expert 数据伪造问题漏洞

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A data forgery vulnerability exists in Schneider Electric EcoStruxure Operator Termin...

7.8CVSS7.6AI score0.00133EPSS
Exploits0References2
Rows per page
Query Builder