102 matches found
CVE-2020-7546
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software see security notification for version information that could allow an attacker to perform actions on behalf of the authorized user when...
Cross-Site Scripting Vulnerability in Multiple Schneider Electric Products
Schneider Electric EcoStruxure Power Monitoring Expert is a product of the French company Schneider Electric.Schneider Electric EcoStruxure Power Monitoring Schneider Electric EcoStruxure Power Monitoring Expert is a device for power distribution monitoring in IoT environments.Schneider Electric...
Advantech WebAccess/SCADA Path Operation Code Execution Vulnerability
Advantech WebAccess/SCADA is a suite of SCADA software based on a browser architecture. A security vulnerability exists in the operation of the Advantech WebAccess/SCADA path, which could be exploited by a remote attacker to submit a specific request that could be used in the context of the...
Emerson OpenEnterprise
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: OpenEnterprise SCADA Software Vulnerabilities: Missing Authentication for Critical Function, Improper Ownership Management, Inadequate Encryption Strength 2. RISK EVALUATION...
Advantech WebAccess Node SQL Injection Vulnerability
Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition and visualization. It is used to automate complex industrial processes where remote operation is required. An SQL injection vulnerability exists in Advantech WebAccess Node, which can be exploited by an...
IEC870IP driver buffer overflow vulnerability
AVEVA Vijeo Citect and AVEVA CitectSCADA are a suite of data acquisition and monitoring system SCADA software. iec870IP is one of the drivers. A buffer overflow vulnerability exists in the IEC870IP driver v4.14.02 and earlier versions, which can be exploited by an attacker to cause a server-side...
Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32464)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A buffer overflow vulnerability exists ...
LAquis SCADA Web Server Hardcoded Credentials Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of login requests to the product's webserver. The product contains...
LAquis SCADA LGX Report Memory Integer Untrusted Pointer Dereference Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
LAquis SCADA LGX Report MemoryWriteWord Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
LAquis SCADA Web Server relatorionome TAG Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorionome.lhtml. When parsing the TAG Element, th...
LAquis SCADA Web Server relatorioindividual TITULO Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to relatorioindividual.lhtml. When parsing the TITULO...
LAquis SCADA LGX Report MemoryReadWord Untrusted Pointer Dereference Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
LAquis SCADA LGX Report MemoryReadLong Untrusted Pointer Dereference Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
LAquis SCADA LGX Report File Open Path Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2017-6020
Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...
Schneider Electric IGSS SCADA Software Local Code Execution Vulnerability
Schneider Electric IGSS SCADA Software is a shared service platform for SCADA Data Acquisition and Supervisory Control systems from Schneider Electric France. A security vulnerability exists in Schneider Electric IGSS SCADA Software version 12 and earlier, which stems from incorrect security...
Schneider Electric IGSS SCADA Software
CVSS v3 7.0 ATTENTION: Locally exploitable/high skill level to exploit. Vendor: Schneider Electric Equipment: IGSS SCADA Software Vulnerability: Security Misconfiguration AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following IGSS SCADA Software products: IGSS...
CVE-2017-9967
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization ASLR and Data Execution prevention DEP were not properly configured resulting in weak security...
Security feature bypass
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization ASLR and Data Execution prevention DEP were not properly configured resulting in weak security...