12 matches found
EUVD-2022-44857
Malicious code in bioql PyPI...
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
Information disclosure
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
CVE-2022-41670
CVE-2022-41670 describes a path traversal vulnerability in the SGIUtility component that could allow local-privilege attackers to load a malicious DLL and execute code. Affected: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior) and Pro-face BLUE (V3.3 Hotfix 1 or prior). Root cause: ...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
CVE-2022-41669
Schneider Electric EcoStruxure Operator Terminal Expert and Pro-face BLUE are affected by CVE-2022-41669 due to improper verification of cryptographic signatures in the SGIUtility component. An attacker with local user privileges can load a malicious DLL, potentially executing arbitrary code on t...
PT-2022-6468 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions prior to V3.3 Hotfix 1 Pro-face BLUE versions prior to V3.3 Hotfix 1 Description: The issue is related to an improper verification of cryptographic signature in the SGIUtility component. This coul...