Lucene search
K

102 matches found

Cvelist
Cvelist
added 2020/12/01 2:44 p.m.33 views

CVE-2020-7546

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software see security notification for version information that could allow an attacker to perform actions on behalf of the authorized user when...

5.5AI score0.00617EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/01 12:0 a.m.11 views

Cross-Site Scripting Vulnerability in Multiple Schneider Electric Products

Schneider Electric EcoStruxure Power Monitoring Expert is a product of the French company Schneider Electric.Schneider Electric EcoStruxure Power Monitoring Schneider Electric EcoStruxure Power Monitoring Expert is a device for power distribution monitoring in IoT environments.Schneider Electric...

5.4CVSS5.9AI score0.00617EPSS
Exploits0References2
CNVD
CNVD
added 2020/10/19 12:0 a.m.8 views

Advantech WebAccess/SCADA Path Operation Code Execution Vulnerability

Advantech WebAccess/SCADA is a suite of SCADA software based on a browser architecture. A security vulnerability exists in the operation of the Advantech WebAccess/SCADA path, which could be exploited by a remote attacker to submit a specific request that could be used in the context of the...

8.8CVSS7.5AI score0.01509EPSS
Exploits0References1
ICS
ICS
added 2020/05/19 12:0 a.m.133 views

Emerson OpenEnterprise

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: OpenEnterprise SCADA Software Vulnerabilities: Missing Authentication for Critical Function, Improper Ownership Management, Inadequate Encryption Strength 2. RISK EVALUATION...

10CVSS8AI score0.02992EPSS
Exploits0References5
CNVD
CNVD
added 2020/05/08 12:0 a.m.4 views

Advantech WebAccess Node SQL Injection Vulnerability

Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition and visualization. It is used to automate complex industrial processes where remote operation is required. An SQL injection vulnerability exists in Advantech WebAccess Node, which can be exploited by an...

7.5CVSS8.2AI score0.01529EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/22 12:0 a.m.4 views

IEC870IP driver buffer overflow vulnerability

AVEVA Vijeo Citect and AVEVA CitectSCADA are a suite of data acquisition and monitoring system SCADA software. iec870IP is one of the drivers. A buffer overflow vulnerability exists in the IEC870IP driver v4.14.02 and earlier versions, which can be exploited by an attacker to cause a server-side...

7.5CVSS7.2AI score0.01297EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/23 12:0 a.m.4 views

Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32464)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A buffer overflow vulnerability exists ...

9.8CVSS7.6AI score0.08553EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.27 views

LAquis SCADA Web Server Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the product's webserver. The product contains...

7.5CVSS1.6AI score0.02375EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.18 views

LAquis SCADA LGX Report Memory Integer Untrusted Pointer Dereference Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

5CVSS1.3AI score0.02572EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.19 views

LAquis SCADA LGX Report MemoryWriteWord Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS2.5AI score0.02572EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.26 views

LAquis SCADA Web Server relatorionome TAG Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorionome.lhtml. When parsing the TAG Element, th...

7.5CVSS3.9AI score0.02462EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.25 views

LAquis SCADA Web Server relatorioindividual TITULO Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorioindividual.lhtml. When parsing the TITULO...

7.5CVSS4.3AI score0.01984EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.17 views

LAquis SCADA LGX Report MemoryReadWord Untrusted Pointer Dereference Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

5CVSS1.3AI score0.02572EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.16 views

LAquis SCADA LGX Report MemoryReadLong Untrusted Pointer Dereference Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

5CVSS1.3AI score0.02572EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/01/19 12:0 a.m.21 views

LAquis SCADA LGX Report File Open Path Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

5CVSS1.2AI score0.02572EPSS
Exploits0References1
NVD
NVD
added 2018/04/17 2:29 p.m.28 views

CVE-2017-6020

Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...

5.3CVSS5.3AI score0.08733EPSS
Exploits4References3
CNVD
CNVD
added 2018/02/26 12:0 a.m.4 views

Schneider Electric IGSS SCADA Software Local Code Execution Vulnerability

Schneider Electric IGSS SCADA Software is a shared service platform for SCADA Data Acquisition and Supervisory Control systems from Schneider Electric France. A security vulnerability exists in Schneider Electric IGSS SCADA Software version 12 and earlier, which stems from incorrect security...

7.8CVSS7.4AI score0.00386EPSS
Exploits0References1
ICS
ICS
added 2018/02/13 12:0 a.m.62 views

Schneider Electric IGSS SCADA Software

CVSS v3 7.0 ATTENTION: Locally exploitable/high skill level to exploit. Vendor: Schneider Electric Equipment: IGSS SCADA Software Vulnerability: Security Misconfiguration AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following IGSS SCADA Software products: IGSS...

7.8CVSS7.8AI score0.00386EPSS
Exploits0References4
NVD
NVD
added 2018/02/12 11:29 p.m.22 views

CVE-2017-9967

A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization ASLR and Data Execution prevention DEP were not properly configured resulting in weak security...

7.8CVSS7.7AI score0.00386EPSS
Exploits0References2
Prion
Prion
added 2018/02/12 11:29 p.m.19 views

Security feature bypass

A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization ASLR and Data Execution prevention DEP were not properly configured resulting in weak security...

4.6CVSS7.2AI score0.00386EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder